Yes; I know about that. You set up a cron job for certificate renewal. That works automatically, until one day it stops, and then you have to pay somebody by the hour to dig around and find out why it stopped 
Often, the certificate issuer has vanished, changed its API, etc.
Of course those who get paid by the hour to do IT work are very happy about this. One certificate issuer I saw the other day expires its certs after 90 days, and put out a long blurb about why this is good practice, blah blah blah.
Now try running a community site, donation funded… I am fortunate to have some good volunteer help but some tasks require root access and one can’t hand those credentials out to just anybody. And all of those have to be paid for – hundreds of € per day. The moment anybody needs to be paid at a commercial rate, the cost of that dwarfs the cost of hosting the site.
No IT system works indefinitely.
Indeed, but there are degrees of what I would call “defensive practices”.
Building a “house of cards” is great for IT staff job security because something is always blowing up and needs to be fixed.
It will probably not impress you because it needs a human to install it but you can at least take a look at it:
