Please enable secure access (ssl/https) to Mailman’s web interface.
Having an invalid certificate (wrong domain) is fine, as long as its
encrypted for secure list admin/mod access and user password changes.
Here are directions how-to…
They could just use letsencrypt for this