I set it up for my home server maybe a year ago. I'm not a web developer or system admin, but I am a highly experienced software engineer with a deep understanding of network protocols. The documentation didn't seem the greatest, basically being, "copy/paste this if you use Apache." My particular configuration was quirkier than the example assumed, and I had to go through a few rounds of troubleshooting. It definitely wasn't trivial.

> but I am a highly experienced software engineer with a deep understanding of network protocols

Thank you for your service

Lol, thanks. I rarely work on stuff exposed to the Internet. I've implemented multiple bare metal IP stacks from scratch, including Ethernet, DHCP, ARP, ICMP, and UDP. I've run real-time safety critical packets over TCP links. I've tunneled IP traffic through the international space station. I've done unforgivable things with iptables and awk.

The funny thing is that IPv6 short-circuits my brain. Why do I have four addresses, and where did they come from? Why isn't there a link-local address for loopback and wireguard?

For most modern blog hosts, it's a pushbutton solution or automatic.

For self-hosted, it's table-stakes knowledge. Failure to do it implies the site admin knows so little about modern security that their access logs are probably only thinly secured. It's an "admin smell," if you will.

The same people who'd claim http is a bad look would also tell you to pipe curl to bash with sudo.

That's a weird claim to make; what makes you think that?

Though I suppose https is a prerequisite for that pipe to maybe be safe. Piping curl to bash varies from stupid to just fine depending on context.

Just look around at lots of how-tos, particularly ones that tell you how to generate and set up certificates.