txacme[0][1] provides a TLS endpoint to automatically issue (and renew)
certificates via the Let's Encrypt CA, allowing you to effortlessly turn on
HTTPS for your application. A brief demonstration can be seen here:
https://asciinema.org/a/41758

In support of this, txacme also includes a client implementation of
the draft-ietf-acme-acme-01[2] specification, and a service for
automatically checking and reissuing expired certificates. If the default
zero-configuration endpoint doesn't do what you want, then go wild with
these.

If you have any interest at all in txacme, please take a look at the
currently provided API, and ask questions and/or file issues on GitHub
should there be any aspects of your potential use case that are not covered
by the API as it stands; I would like to use the 0.9.x period to get a
solid API nailed down for the 1.0 release.

[0] https://pypi.python.org/pypi/txacme

[1] https://github.com/mithrandi/txacme

[2] https://tools.ietf.org/html/draft-ietf-acme-acme-01 — support
for draft-ietf-acme-acme-02 will probably be forthcoming once Let's Encrypt
actually supports this server-side.