gethly 2 months ago

I too am not a fan of ACME and LE. I'd rather manually buy and activate the certificate once per year rather than deal with the "automation" that everyone is constantly overjoyed with. And that was the case for Gethly.com since the beginning. But the prices of certificates are not cheap and they provide ZERO advantage over the free LE certificates. Especially the wildcard certificates, which are the only types that make any sense whatsoever anyway. So a decision was made to switch to LE with DNS challenge, which is the only type that supports wildcard certificates. Long story short, the DNS provider had this built in and so now it is a 50:50 automation and manual work. The DNS provider sends a notification when the certificate is going to expire and to get the new one and that is about it. A matter of two minutes of manual labour to sign into the DNS provider's interface, copy the certificate and paste it into the actively running application that then simply distributes it to all services. Longer story - doing the DNS challenge with the DNS provider's API was doable, but ACME failed to detect updated records so luckily, instead of wasting time trying to get it working, the DNS provider got us covered from the get-go.