We are using proxy in transparent mode/MITM mode which performs SSL encryption. We have a option of creating proxy self signed certificates so that client who connects through Internet goes via proxy where proxy performs SSL interception. Client must have proxy certificate in their trusted CA.
Now many clients here are vendor appliances in which we cant install proxy self signed certificate easily. But these devices trust well known CA’s which are in their trusted store. So if I create CSR from proxy and get it signed by Lets Encrypt which will make LE as root CA and Proxy as Sub CA. So clients with pre-installed trusted certificates can authenticate with proxy as well for SSL interception and we don’t have to install certificates on clients separately. Is it possible with LE?