Hi,
some may have already said it, but certificate on https://lists.geany.org is invalid. I guess the one from Let's encrypt could be used (which now seems to be trusted)?
could you elobarate a bit what exactly you mean by "invalid"? This is a wildcard certificate for *.geany.org and is valid until April 2016. Your browser might try to trick you into the assumption the certificate is invalid because your browser does not trust the CA of cacert.org who signed our certificate. But this does not mean our certificate is invalid. It's just that the major browser distributors don't accept the root certificates of cacert.org.
And yes, we will think about using the new Let's Encrypt certificates. However, as far as I know, the currently available certificates are also not yet trusted by the majority of applications. Those new, automatically trusted certificates will first be available some time in November.
Regards, Enrico