Hey there, @schoen
Thank’s for the information makes me happy to be using Let’s Encrypt over paid certificate authorities.
It is awesome and makes me glad Let’s encrypt does not try to justify or make excuses and aims to fix the problems as soon as possible.
I don’t know how many millions of certificates are publicly in use by those companies that are getting banned but I saw how many are in use right now by Let’s Encrypt via the stats ( https://letsencrypt.org/stats/ ), It seems to be something that can be extremely devastating to one day see your sites are inaccessible because the trust chain has been broken by the company who provided you a paid or non-paid certificate.
But from what Google provide as evidence the grounds for the bans do come after multiple violations it seems and in the Symantec case it seems they tried to justify it by saying the following.
In the event Google is referring to, 127 certificates – not 30,000 – were identified as miss-issued, and they resulted in no consumer harm.
Even the 127 miss-issued is a large number even 1 certificate is to many for a security company.
Here is their growing blacklist of certificates, chains and CA’s that manage to land/slam themselves in there.
I can’t see the Let’s Encrypt certificates you mentioned in there but I guess if the valid date the certificates had on them meant they have expired within the 90 days Let’s Encrypt certificates are valid for that may be the reason.