Is Let's Encrypt the new swiss crypto ag?
Just wondering ... it does seem less far-fetched in the light of the swiss crypto ag revelations.
Are you familiar with how certificates and CAs work in general? You don't receive a certificate from the CA, they just sign and attest that the one you made is owned by you. The ways CAs go bad is not breaking any crypto but by signing a certificate that you don't own. This vulnerability is well known and LE takes industry-leading steps to mitigate it via the certificate transparency program which is a permanent auditable log of all certificates they sign.
Why are you specifically targeting LE with this post? Why not other CAs?
As a centralized piece of software that has made itself responsible for safely massaging millions of private keys, certbot would certainly be a juicy target for NSA to compromise.
Betteridge's Law says "No" ... and given certificates are generated locally, I don't see how the certificates themselves could be compromised. The trust in a certificate (or trust in a false certificate) could potentially be manipulated in by and upstream party.
I suppose it would be trivial for them to issue compromised certificates or record the private key in a targetted attack for a specific domain without anyone noticing.