I've actually had the opposite experience - it was easy enough to download/set up, and then it was just a matter of getting the letsencrypt daemon on the box to manage certs.

That said, I went in with pretty low expectations since it's a reference implementation - I think one of the great advantages of the open-source protocol is that anyone can design/build their own implementations with better UX on the sysadmin side. There are already projects in the works written in golang/rust, and I'm sure if the protocol takes off other languages will follow.

I do agree that the identity server piece is weird. I didn't set one of these up, so I haven't really looked into it (I don't have any 3rd party IDs connected to my matrix username, which from my cursory research is what the identity servers are for) but the philosophy behind them seems to go against the federation narrative the rest of the protocol is designed around. If anyone has done more research into this part of the protocol I'd love to be corrected on this point.