Why a commercial certificate? A cheap commercial one (or free StartCom) is no "better" than a let's encrypt one, unless we are concerned about the cert chain baked into old devices (N900/N9 I assume) not including let's encrypt. But let's encrypt isn't dodgy, shoddy, confusing, complicated or anything. You run one script and it's all automated for you, including changing apache (or other server) config, that's the whole point of the thing. Seriously, anyone who's ever "set up" let's encrypt would never look back to using StartCom or paying tens of $currency for a cheap non-EV cert. I remember those old days with horror, all the manual faffing that used to be required.