There are third-party tools to assist with Cert Management, so somebody is just being lazy.
Originally Posted by TexomaCowboy
+1 The DDOS theories don't wash anymore.
OH2 and many other sites, including eccie, use free SSL certs from Let's Verify that can be auto-renewed every 60-90 days:
"The objective of Let’s Encrypt and the ACME protocol is to make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention. This is accomplished by running a certificate management agent on the web server."