Have a look at the discussion - Easiest way to use Let's Encrypt - #6 by Osiris
If I was a user of your system then I have to agree to the terms ( understandably) of the Let's Encrypt Subscriber Agreement. In that it states that need to immediately revoke the certificate if a key has been compromised, and that is defined ( amongst other things) as
"A Private Key is said to be compromised if its value has been disclosed to an unauthorized person, an unauthorized person has had access to it, or there exists a practical technique by which an unauthorized person may discover its value."
Now, I'm sure you are a perfectly honest person, but I have zero knowledge of how secure your server, script etc is and you are not an "authorised person" as far as I'm concerned to hold my private key. You are essentially asking me to trust you, and your script / server security. If someone did hack into your server, how are you going to inform everyone who has generated a key through your server that they need to revoke their certificate and generate a new one ?
If it's on my server ( as it needs to be ) for my website, then I have a series of controls / permissions etc that I use to manage access, and unless a hacker accesses into the server all access is "authorised". If someone unauthorized got in, I'd be revoking my keys.
I agree, the technical support and server admin folk at a web hosting provider can have access to the server / website / private key. They are all under certain agreements though that provide access under given rules. The key difference here, is that's all under my control, on my server ( even if a shared server ) it's all in one place, and never been elsewhere.