> Some people have this insane idea that somehow the CA has some secret which either they minted and sent to the CA, or the CA minted and gave them a copy and so the US government could get this secret with a subpoena
LetsEncrypt certainly doesn't, but I've seen certificate storefronts that generate the key on their side and provide you the key and the certificate, so you don't have to figure out how to generate a key.
The Certificate Authorities are specifically forbidden from doing this because it's so obviously a terrible idea. Many of them also require that their resellers (obviously Let's Encrypt basically doesn't have resellers because that's stupid) also do not do this because it's a terrible idea.
But yes, you're correct that, especially when "cheap SSL" was a thing, outfits which did this really existed. In fact, one of the companies which did this, and then deliberately revealed customer keys, resulting in all the affected certificates being revoked, isn't even bankrupt, so apparently their customers are so stupid that they're still paying money for a service that's much worse than useless. Not an optimistic thought about humanity.