Isn’t this also what many companies do to monitor web-traffic from their network?
Then trusting root CAs is a non-issue?
Good point. Who’s to say that LetsEncrypt doesn’t keep a copy of my private keys?
When I visit one of the sites I manage, that goes through CF (my personal ones don’t), I see that the certificate that the browser sees is one provided by CF and not the one that I create using LetsEncrypt.
Thanks for the links