I renewed three certificates with StartSSL yesterday. It took me literally a couple of minutes to do so.
I have also written up how the entire process works (from generating the key to creating the CSR and getting the thing signed) for a specific (non-webserver) use case and while I don't claim my writeup is perfect, several people have had no difficulty following it in under 15 minutes, even though it was the first TLS certificate they ever installed.
So your point is both that it is so easy it took "literally a couple of minutes" but so difficult "you've written up how the entire process works" that you've had to share with "several people" so they could repeat the same exercise...
Agreed. As an expert in various things, I have learned to try to shut my mouth when the topic is how easy those things are for novices.
A young friend is learning to program, so I set up a virtual server as a place for them to upload things. It was only when I went to give them the account information that I had to stop and think about how complicated the "easy" act of uploading files via SSH is. Shell commands, directory trees, working directories, the fact that the web site is in /var/www and what that means, why index.html is special, what ssh keys and asymmetric encryption are, what a bastion host is, etc, etc.
That's not contradictory at all. Plenty of system administration tasks fall into the category of "easy to perform but not self-evident to someone with no experience".
No contradiction, something being easy does not imply it being self-evident / obvious. There are many simple things that are non-obvious without retrospect.
I have also written up how the entire process works (from generating the key to creating the CSR and getting the thing signed) for a specific (non-webserver) use case and while I don't claim my writeup is perfect, several people have had no difficulty following it in under 15 minutes, even though it was the first TLS certificate they ever installed.