The best idea we have found so far is to setup two Amazon EC2 micro machine instances with a small bit of nginx configuration. Then, provision two elastic IP addresses to point to those EC2 instances and point 2 A records to those IP addresses. This way, if something goes wrong on the hardware, you can always point your elastic IPs at another EC2 machine without waiting for DNS to propagate. Users going to https://example.com and http://example.com will get a 301 to the domain and no SSL warning.
server {
listen 80;
listen 443 default_server ssl;
server_name example.com;
ssl_certificate server.crt;
ssl_certificate_key server.key;
return 301 https://www.example.com$request_uri;
}
Another idea is to use the great service provided by wwwizer.