Time for a shout-out to DreamHost, who have partnered with LetsEncrypt to make using SSL with this website very, very easy. DreamHost have always aimed to make many actions against the site push-button, with sensible defaults, and clear documentation, and generating and attaching the certificate was a walk in the park.
I was a little surprised to see the certificate expiring so soon, but LetsEncrypt’s rationale is very sound: re-rolling certificates can and should be automated, and limiting the life time of a certificate automatically limits the exposure if the certificate is subverted. It is very much in line with a core idea that they have: the default for HTTP traffic should be across SSL, or in some other way encrypted.
For me, the process was as simple as pushing the buttons on the DreamHost control panel, then do a bulk find-and-replace on my site to update any http links to be https. I will probably have to chase around the interwebs to find where I’ve published the old URL, but I’m pretty sure I’ve found and updated the important ones already.