Here is another update from DigiCert:
https://blog.digicert.com/onion-officially-recognized-special-use-domain/
Sounds as if this is all a little too early to be useful to the bulk of users. Also, it sounds as if for the time being, .ONION requires EV certificates, which LetsEncrypt by definition cannot issue. I am sure, over time, the rules will be worked out better and eventually certificates for .ONION will be more readily available; maybe, at that point, LetsEncrypt can also join the action.