I don’t believe it’s possible for a CA to decrypt TLS traffic with their private keys. They sign a site’s public key with their own private key after verification but are never given the private key itself. Public CAs only provide identity verification, they do not take part in the encryption process itself. Let’s Encrypt is perfectly safe in that regard.
I don’t believe it’s possible for a CA to decrypt TLS traffic with their private keys. They sign a site’s public key with their own private key after verification but are never given the private key itself. Public CAs only provide identity verification, they do not take part in the encryption process itself. Let’s Encrypt is perfectly safe in that regard.