I did not say free and non-profit was bad… I asked about relative skin in the game and the implications of it.
And here is what LE is doing about the chain of trust: https://letsencrypt.org/certificates/
They are leaning on IdenTrust to cross-sign their intermediates… which sort of validates my point about dispersing the trust of CA KMS.
Again, y’all are so tunnel-visioned into the technical aspects of this you are missing the central point about “free and automated” begetting a “fire and forget” complacency…
See here for a little dose of reality on PKI and digital certs: https://resources.infosecinstitute.com/cybercrime-exploits-digital-certificates/