> "HTTPS is difficult to set up and maintain."

> It just works if Caddy is your web server.

I wonder what percentage of people who thinks HTTPS is difficult to set up and maintain are able to run their own VPS and properly install and configure caddy.

Letsencrypt is a godsend compared to what we had before. But it can be difficult depending on what you run and after a few hundred domains things pile up.

You just purchase a domain. You decide to host on apache. You first have to setup http get the letsencrypt to perform the challenge. Once that's done you can install ssl.

The letsencrypt auto renewer is great until you run a version of linux unsupported.

The extra cost per request does add up as well.

The cost to support ssl isn't free but the certificate is and pretty seemless all things considered

Consider using an ACME client written in shell:

* https://github.com/dehydrated-io/dehydrated

* https://github.com/acmesh-official/acme.sh

There's a minor change for the pre/post-scripts to restart your web server, and telling the web server where "/.well-known/acme-challenge/" should be served from, e.g.,:

* https://salsa.debian.org/letsencrypt-team/dehydrated/-/blob/...

But otherwise I find there are a lot fewer moving parts (and dependencies) than ACME clients written in other languages.