Lets Encrypt Is Insecure
Lets Encrypt has recently been the target of a few news stories. A brief review of Lets Encrypt documentation highlights the basic problem with Lets Encrypt is a reliance on the ACME protocol's gaping security hole of equating DNS A record server IP addresses with domain ownership.
It's very clear that if a domain has a wildcard host record that Lets Encrypt will automatically enable any root user of DNS A record IP address host to generate an near unlimited number of subdomain certs.
All these subdomain certs will be viewed as valid certs by most browsers because of the IdenTrust cross cert.
Since control of a given host included in a DNS A record does not equate to domain ownership, Lets Encrypt certs should not be recognized at the same trustworthiness of DV certs issued by a standard CA.
Why should the Internet trust Lets Encrypt at the same level as DV certs? If you don't trust the admins of whatever server is behind an IP address to represent your domain, then you shouldn't add that IP address to your domain. I don't see a problem here. Because just about any other CA also offer the domain validated certificates through the same kind of validation process?