![](https://lemmy.theonecurly.page/pictrs/image/e52b10de-59ae-444d-94a6-bd0779440f94.png)
![](https://lemmy.ml/pictrs/image/h1ChnLuBHr.png)
I don’t believe it’s possible for a CA to decrypt TLS traffic with their private keys. They sign a site’s public key with their own private key after verification but are never given the private key itself. Public CAs only provide identity verification, they do not take part in the encryption process itself. Let’s Encrypt is perfectly safe in that regard.
Open source is about ideas being freely shared and iterated on. Open hardware has benefits, making a lot of things more accessible to people. It’s not the end all of sustainability, but it doesn’t pretend to be either.