Who else didn't see this coming?
It was so obvious as I stressed earlier that the Let's Encrypt free HTTPS certificates would not just help legitimate website operators to encrypt its users' traffic, but also help criminals to bother innocent users with malware through secure sites.
Users should be aware that a 'secure' website is not always or necessarily a safe website, and the best defense against exploit kits is still an easy go, i.e.:
Always keep your software up-to-date to minimize the number of vulnerabilities that may be exploited by cyber criminals.