The FAQ suggests reporting such sites to Google and Microsoft. Let's Encrypt, however, per policy , will continue to issue certs to these criminals.
If you've been notified, or if you have the capability via API to discover, that you're enabling criminal activity, you should stop doing business with them.