I don't fully understand our setup, but here's what I've been told:
First of all, our Kentico instance serves multiple sites, several of which use SSL. The Kentico instance is hosted by an AWS EC2 instance. I've been told that some limitation of AWS, IIS, and SSL certificates requires that each site has a unique SSL port binding. The sites sit behind a load balancer that simply redirects port 443 to the actually bound ports.
Unfortunately, I'm no expert in SSL certificates and load balancers. In lieu of a solution I had to pull all of our CSS out of Kentico.