Let's encrypt entered public beta and there is a Debian package in experimental for their client available.
After some reading and testing I came up with the following commandline to give me what I want:
letsencrypt --manual --config-dir $HOME/letsencrypt/etc \
--work-dir $HOME/letsencrypt/var --logs-dir $HOME/letsencrypt/logs \
--server https://acme-v01.api.letsencrypt.org/directory \
--domains kleine-koenig.org,www.kleine-koenig.org,blog.kleine-koenig.org,lists.kleine-koenig.org,cgi.kleine-koenig.org,wiki.kleine-koenig.org,caldav.kleine-koenig.org,mail.kleine-koenig.org \
certonly
So now you can read this message via https and probably don't be bothered by your browser for an invalid certificate any more. Hurray!