Arstechnica reports
In July of 2017, the nonprofit certificate authority Let's Encrypt promised to deliver something that would put secure websites and Web applications within reach of any Internet user: free "wildcard" certificates to enable secure HTTP connections for entire domains. Today, Let's Encrypt took that promised service live, in addition to a new version of the Automated Certificate Management Environment (ACME) protocol, an interface that can be used by a variety of client software packages to automate verification of certificate requests.
[....]Many hosting providers already support the registration of Let's Encrypt certificates to varying degrees. But Let's Encrypt's free certificate offering hasn't been snapped up by some larger hosting providers—such as GoDaddy—who also sell SSL certificates to their customers.
(Score: 2) by NotSanguine on Thursday March 15 2018, @08:09AM
Those are all poor use cases for *any* external (free or otherwise) certificate.
An internal CA should be used for these types of use cases, not an external one.
As an aside, the CA in question calls itself "Let's Encrypt" as its goal is to increase the number of *internet* facing servers that can communicate via TLS.
The use cases you mention are both orthogonal and pretty much irrelevant to Let's Encrypt's mission. That you don't understand this speaks volumes about your knowledge of such things.
Setting up an internal CA is fairly simple, as long as you take a little time to learn what you're doing.
Here's a place to start [wikipedia.org]
There are a number of Open Source PKI implementations that you can use for this purpose:
https://en.wikipedia.org/wiki/OpenXPKI [wikipedia.org]
https://en.wikipedia.org/wiki/OpenCA [wikipedia.org]
https://en.wikipedia.org/wiki/DogTag [wikipedia.org]
And even if you're using a proprietary [wikipedia.org] environment, it's available there too.
No, no, you're not thinking; you're just being logical. --Niels Bohr