Oi @valeriocarvalho,
You can see that the use of Let’s Encrypt certificates within the Brazilian government has already become common.
https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:true;domain:gov.br&lu=cert_search
In fact, it became so common that we had various threads on this forum related to rate limit exceptions for Brazilian state government subdomains. If you search this forum, you can find some of those threads and maybe contact some of the people who’ve been using Let’s Encrypt certificates in Brazilian state and federal government agencies.
I think it’s important to consider the threat models here. In addition to the examples that @tdelmas gave, some people mistakenly think that certificate authorities can intercept communications between users and the sites that use their certificates. This is not true because the certificate authority never possesses or accesses your private key. The certificate authority only knows your public key, which is the same information that end users of your sites and services will receive.
It’s true that certificate authorities can facilitate attacks against web sites by issuing false or inaccurate certificates. In this case the false certificate could be used by an active attacker to spy on the visitors to the site, if the attacker controls part of the network that the visitors are using. A very famous example of this was when someone in Iran hacked certificate authorities in the Netherlands and the United States and issued false certificates for major web sites, which were then used by the Iranian government to spy on visitors to those sites. However, an important thing to consider about that case is that those sites were not customers of the hacked certificate authorities. Using a hacked certificate authority to attack a site did not require that the site have any existing relationship with the certificate authority at all. There’s no obvious reason that their vulnerability to this attack would have been any greater, or any less, based on which certificate authority they were using, because generally any public certificate authority always has the authority to issue certificates for any web site.
The other examples that @tdelmas gives are also quite valid.
Someone might also want to limit (1) the public disclosure of internal host names, or (2) the technical ability of foreign certificate authorities to issue certificates for a particular site. Currently, the most popular web browser, in its default configuration, does not provide any options that would allow someone to achieve these goals, because all host names in certificates must be publicly disclosed by every publicly-trusted certificate authority, and every publicly-trusted certificate authority has the ability to issue certificates for every site. The only way to achieve either of these goals, then, is with a custom browser configuration, using a non-publicly-trusted certificate authority.
An exception is the use of wildcard certificates, which don’t publicly disclose exact host names because they are valid for any subdomain of a particular name. So for example you could have a certificate for *.sigiloso.gov.br and it would be valid for segredo.sigiloso.gov.br, without publicly mentioning that specific name in the certificate.
Several governments, including the Brazilian government, have operated internal public-key infrastructure including their own certificate authorities. This could be a very good idea for government security requirements, because it could be part of a strategy to avoid trusting foreign entities with the power to certify the government’s infrastructure, but it probably only improves security at all if all of the site visitors are using custom browsers. That’s because the site visitors should (1) trust the government PKI, and (2) not trust other certificate authorities for specified government-related domains. That won’t work if members of the public or government employees have to visit the site using off-the-shelf browsers or devices.
Participating in a public PKI (including simply by supporting off-the-shelf browsers like Chrome) comes with security trade-offs. The industry is trying to make these trade-offs better with mechanisms like Certificate Transparency, so that if someone issues fraudulent certificates for your domain name, you should be able to find out about the problem (which was not quite true at the time of the Iranian attack I mentioned above).
Espero que isso faça sentido e posso discutir o assunto em português também se tiver outras dúvidas.