Let’s just say a widely-used commercial one for which a plugin for LE exists. The hosting provider (not entirely my choice, but then it’s not me paying for it) does not have that plugin installed and appears to have no plans to do so at present.
Each renewal for the site in question requires use of one web form: one textarea for the new certificate and (maybe) one textarea for the intermediate certificate (which I can omit if I don’t mind certain SSL checking sites complaining about an extra fetch being required).
Paid-for certs are overkill since there’s no commercial activity on the site, and I’m avoiding self-signed because, though I’m happy to add an exception for a certificate which I know that I’ve created, I can’t say that others who’ll be using the SSL part of the site would accept it or even properly understand.
Yes, I have the actual generation of the certificate automated and I should be able to automate checks of remaining lifetime and actual certificate installation now that I’ve gathered some info about using openssl to check such things. (The locally-installed docs faithfully follow the age-old Unix tradition of being useful if you already know everything about the program and just need a reminder.)
Re. thread topic: I have a certificate renewal period which I’m… approximately happy with. I’m not convinced about two-monthly renewal, and I’d definitely set quarterly if the certificate lifetime adequately covered that. (Which could be why it’s set to a little short of your typical common or garden three-month period.)
Full automation – yes, would be nice, but it does look like that’ll have to wait.
I’ll just set them down, net properly attached, next to and facing this conveniently large wall. Is that okay?
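An added example, not part of the original post: shell helpers for the remaining-lifetime check with `openssl x509 -checkend`, and for splitting a chain file into the certificate and intermediate parts that the two textareas expect. The function names, file names and the 30-day threshold are assumptions, and the sample certificate is a throwaway self-signed one constructed for the demo.

```shell
#!/bin/sh
# Added example. Function names, file names and thresholds are assumptions.

# needs_renewal CERT DAYS
#   exit 0: CERT expires within DAYS days (renew and re-upload)
#   exit 1: CERT is still valid beyond DAYS days
#   exit 2: CERT could not be parsed (treat as an error, not as "fine")
needs_renewal() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits non-zero when the cert expires within N seconds.
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
    then return 1
    else return 0
    fi
}

# split_chain FULLCHAIN LEAF REST
#   First PEM certificate goes to LEAF (the certificate textarea); any
#   further certificates go to REST (the intermediate textarea, may be empty).
split_chain() {
    : > "$2"; : > "$3"
    awk -v leaf="$2" -v rest="$3" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n == 1 { print > leaf }
        n >  1 { print > rest }
    ' "$1"
}

# make_sample_cert DIR DAYS: constructed self-signed cert valid for DAYS days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Demo on constructed data: a 20-day cert checked against a 30-day threshold.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" 20
# Stand-in for a real chain file: the same cert twice, only to exercise the split.
cat "$demo_dir/cert.pem" "$demo_dir/cert.pem" > "$demo_dir/fullchain.pem"
split_chain "$demo_dir/fullchain.pem" "$demo_dir/leaf.pem" "$demo_dir/rest.pem"
if needs_renewal "$demo_dir/leaf.pem" 30; then
    echo "renew: $(openssl x509 -in "$demo_dir/leaf.pem" -noout -enddate)"
fi
rm -rf "$demo_dir"
```

Run from cron, the non-zero exit codes separate "nothing to do" from "file unreadable", so a broken or missing certificate file is not mistaken for a healthy one.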