actually i agree with such separation and having the webroot plugin take more center stage as it would be alot easier for different web servers/control panels to do what they do and know best web server/control panel wise in automating a https vhost first and just feeding that vhost’s web root via webroot authentication
1st, it would give web servers/control panel users absolute trust in that their own implementation of server side configuration isn’t touched by letsencrypt client itself. I know this would be a concern for some
2nd, it would give letsencrypt folks full control over the issuance side via webroot authentication so that any 3rd party clients don’t fall behind on updates.
3rd, lessens burden on letsencrypt folks to cater and know about every web server type/os configuration out there - of course if you focus on the following you’d have alot covered - debian/ubuntu/rhel/centos apache and nginx + directadmin, plesk, cpanel.