Let's Encrypt does what its purpose is: issue certificates for domain owners by verifying that they have access to that domain. It is not the purpose of the CA to check the content of the domain for illegal content. If anyone should be held accountable then it is the registrar, see<p><a href="https://www.icann.org/resources/pages/abuse-2014-01-29-en" rel="nofollow">https://www.icann.org/resources/pages/abuse-2014-01-29-en</a><p>That said, there are some ways to mitigate this problem:<p>a) The domain owner can publish 'CAA' record(s) in their DNS zone, which list the Certificate Authorities that should be allowed to issue certificates. If Let's Encrypt sees this and it is not in the list, they will not issue a certificate.<p>b) Certificate Transparency: Let's Encrypt and other CAs inform neutral CT servers about newly issued certificates. An organisation that is often targeted by abuse (e.g. PayPal) can monitor these and react appropriately if they detect malicious behaviour.
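The CAA check from point a), as an added example that is not part of the original comment: a simplified evaluation of the RFC 8659 rules a CA applies before issuing, which a domain owner can use to test their own records. The zone data, the CA name `ca.example.net` and the function names are constructed for illustration; CNAME handling and live DNS lookups are left out.

```python
# Constructed sample data: owner name -> CAA records as (flags, tag, value).
SAMPLE_ZONE = {
    "example.com": [(0, "issue", "letsencrypt.org"), (0, "issuewild", ";")],
    "shop.example.com": [(0, "issue", "ca.example.net; account=123")],
    "odd.example.com": [(128, "futuretag", "x")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_rrset(zone, name):
    """Climb from the name toward the root; the first non-empty CAA set wins."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []


def issuer_domain(value):
    """Strip parameters such as 'account=...'; ';' alone means 'no CA'."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(zone, name, ca_domain):
    """Return True if the CA identified by ca_domain may issue for name."""
    rrset = relevant_rrset(zone, name)
    if not rrset:
        return True  # no CAA records anywhere on the path: any CA may issue
    # An unrecognised tag with the critical bit (128) set forbids issuance.
    if any(f & 128 and t.lower() not in KNOWN_TAGS for f, t, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t.lower() == "issue"]
    issuewild = [v for _, t, v in rrset if t.lower() == "issuewild"]
    # issuewild applies only to wildcard requests and then overrides issue.
    rules = issuewild if name.startswith("*.") and issuewild else issue
    if not rules:
        return True  # record set carries no restriction for this request
    return any(issuer_domain(v) == ca_domain.lower() for v in rules)


if __name__ == "__main__":
    for host in ("www.example.com", "*.example.com", "shop.example.com"):
        print(host, may_issue(SAMPLE_ZONE, host, "letsencrypt.org"))
```
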