Getting Bad Vibes

just provide the certs and let users handle the security part

The problem is that there is no such thing as "optional security" (e.g., see Theo de Raadt's rants on the topic). Certificates are intended to provide transport security; if they are compromised, they are effectively useless. Let's Encrypt builds the tools which allow really easy provisioning, which helps TLS adoption in practical cases. The tools are going to be used by a lot more people than just those with infosec understanding, and I believe there should be some restrictions which make the whole ecosystem more secure.

I believe we'll have quite a lot of guides on Let's Encrypt for the general public soon, and I would rather not see something like

Just get a cert for two years and let it stay in there. Nah, that's fine. Who cares about rotation anyway?
Oh, something's not working? Did you try chmod 777?

It's quite easy to draw some similarities with SELinux from this point, I think.

Something breaks? Turn SELinux off. It's scary and it breaks stuff.

5 Likes