Yup. No question.
LOL..
So, in a sense, I am doing this as a courtesy.
Yup I get that.
I will look at lensencrypt and the "40acme" idea. Together with the delta presented by mmccarn, this gives me another option for greater control.
Think letsencrypt example may be the way to go but I'm onlt on a mobile currently so can't check easily.
About the bug regarding https redirect, what should a server do beyond forcing the redirect? Is the idea that if force ssl is asserted the server should not redirect but refuse?
I can't remember exactly. Pretty sure there is at least one thread here on the subject, plus a bug
But in essence I think yes you are right.
Have a search around.