You still have to provide some proof that you are who you say you are by publishing a specific webpage on the site that will get the certificate or by publishing a specific DNS record on the domain. Self-signed certs don’t have that requirement so people could make certs for google.com if they wanted to.

Because of the man in the middle attack.

A self signed certificate could be a fake certificate created to trick you. Let’s Encrypt checks the domain name to make sure the certificate is owned by the domain name at least.

For example, if your Dad decides to run a man in the middle attack with the router to check if you are looking at porn, your Dad only has to issue self signed certificates. When you visit a webpage, he can program the local router to send you to his computer before going to the internet.

Kids Computer -> Dad’s computer -> Real Website.

Dad’s computer will make a self signed cert to interact with your computer, while decrypting the data from the real website. It then reencrypts the data with a self signed cert, that you suddenly decided to accept.

Now your dad / company you are working for knows you are browsing Porn and fires you. This may or may not have been inspired by real life events.

Except it turns out that it was the Bosses / Grandparents who were browsing Porn so nothing happened.

Anyway, Dad’s computer on this network setup cannot get a Let’s Encrypt certificate. The Sysadmins will go around to everyone’s computer or use Windows Group Policy to force the computers of the organization to trust a CA under control of the Sysadmins to get this man in the middle working.

the Cert just confirms, that the domain your accessing is belonging to who owns it. When you signup for a cert at LetsEncrypt, you have to run a script on the source, which confirms as your domain.
You wouldn’t be able to get a Cert for e.g. amazon.com - because you wouldn’t be able to run that specific script on the source and so LetsEncrypt couldn’t confirm if that domain really is yours or not. And that’s as well the reason, why not trust everyone,

It’s less about the trustworthiness of the site and more about confirming the site’s identity. Maybe the original is a scam site, but at least you know it’s the original.

If you look in the certificate store of your browser there are a number of issuing authorities that the browser will treat as valid source-of-truth providers for SSL certs. If a certificate doesn’t come from one of those, or is expired, or revoked the browser will throw up an alert to let the user know of the problem. Let’s Encrypt is a group created to issue these certs in an automated fashion just like the traditional CAs. Really it’s just a matter of which CAs are acceptable. Some organizations will remove trust for certain entities (Symantec for a while had removed the US Gov from the trusted issuers bundle for their Bluecoat proxies) if they deem an authority as suspect or potentially compromised. There wad also an incident several years ago where a major issuer had sent out an intermediate CA pair that a buisines ended up putting on a proxy that routed a big chunk of public traffic through effectively breaking the user’s encryption. That CA got banished from the common browsers shortly after.