They use Let's Encrypt's free certificates from what I can tell; their certificates can be easily auto renewed and this is encouraged (which is one of the reasons their validity is short).
I am not well informed so i have no statement about it.
-snip-
You don't need to make a statement; I know what I'm talking about as this is literally the same setup that I've been using for a very long time.
-snip-
I used to use HostGator for my hosting previously later I found out that they do not allow to modify the mod_security function. I tried to explain why It is important for me but they have their terms which I had to accept. On the other hand, I have to run my business too. So, I decided to move from them. I had to chose one who allows mod_security to modify.
In reality, most of the big service providers provide modification of mod_security but in this case hostgator had something different in mind.
They are hosted on Vultr (at least the front-end is), there should be no such restrictions for their VPSes.
So they aren't even able to automate the renewal
Could this be a security feature, so that the site can't be used for long if the server is taken (by authorities)?
No. The authorities could trivially issue another certificate from Let's encrypt if they had control of the server. It requires you to just run 1 command.