General brain dump from someone who's been doing this for a long, long time:
* Let's Encrypt certs expire every 30 days (apparently this has been increased to 90). There are "hacks" (as in shitty shell scripts, and generally borderline ridiculous nonsense) to try and "automate" getting a new cert + putting it in place via this method, which is disappointing when compared to, say, an actual decent CA (ex. NameCheap, Gandi, etc.) which will send you an Email reminding you that your certs need to be renewed before their expiry.
* Let's Encrypt doesn't support wildcard certificates citing some sort of ACME hard-on
. Otherwise you're going to need a cert that's for the root domain (this is something CA-based wildcard certs don't actually give you in most cases -- it ends up having to be one of the names in your subjectAltName list, i.e. you have to pay for it), one for www, one for forums, one for wiki, and god knows what else. Someone will need to do a full review of all DNS records that point to said server.
Oh, and don't forget about any redirections for old names, e.g. https://nesdev.parodius.com
will not work (I'm not going to get SSL for something legacy -- sorry). HTTP-to-HTTPS redirection is possible but "generally shunned" because it gives users a false sense of security when visiting legacy URLs.
* HTTPS is substantially slower and in some environments (very specific kinds of caching proxies) cannot be cached. One thing that's absolutely guaranteed is that the connection set-up time is substantially longer given the SSL negotiation overhead. SPDY helps with this, but SPDY isn't available in all webservers, and getting it to work correctly as a module in Apache is sometimes tedious at best. My point is, expect worse performance.
* Configuration of SSL/HTTPS -- meaning PROPER configuration, especially when CA/cert chains are involved! -- can be painful. Use of Qualys' SSL Test is highly useful, but the information given there isn't always immediately clear. How to configure Apache properly is substantially different than nginx, and the configuration methodology/approach even varies per CA (I'm not making this up -- it all depends on what the CA gives you back). I can't stress the importance of using Qualys' SSL Test. People screw up certificate chains all the time
* Actual forum or software configuration bits. Sometimes changing the scheme (HTTP -> HTTPS) will break badly with software configurations that need to know what the scheme is. Forum software and wiki software come to mind -- I can imagine them botching internal links and so on unless configured correctly. And sometimes there's multiple places this needs to be done.
* HTTP-to-HTTPS redirections within the webserver itself (e.g. mod_rewrite, not HTTP header Location: redirects!) may need to be done for things like images, i.e. there may be old links in people's forum posts or wiki content that refer to the http:// version. You get to deal with "migrating" all of those over to https:// otherwise.
* The admin now needs to begin tracking OpenSSL security holes (usually one or two coming out every few months at this rate) and patches for OpenSSL for their OS and/or Linux distro. In other words: what wasn't a concern before now becomes a serious concern. Let's not discuss the feasibility of switching to WolfSSL or LibreSSL at this time -- let's remain practical/realistic.
In other words: "other than the administrator's time" is putting it very, very lightly. SSL is a total nightmare.
That said, my personal (I'd border on saying professional) opinion is this: the main reason people want HTTPS (for non-banking-related things) is because they're don't want their L/P credentials possibly sniffed and decoded. That's it. So really the only things I'd recommend HTTPS be considered for are the forum and the wiki. There's nothing on the main site that warrants use of HTTPS.
So, at NameCheap, that's either $9/year (if you had separate certs, one per hostname; PositiveSSL), or $30/year (one cert for both hostnames, one as CommonName the other as a subjectAltName; PositiveSSL Multi-Domain). At Let's Encrypt, that's either one or two certs (not sure which), and the admin gets to deal with a bunch of bullshit every 90 days -- and if they fail to deal with it, users get a wonderful warning (often a dialog box) telling them of the expiry until it's dealt with.