While I don’t know much about Windows clients, I do know about how the certificate authority validates certificate requests. So,
- can you receive inbound connections from the Internet on port 80, as seen from the outside world’s point of view, using your domain name?
- how about on port 443?
- can you update arbitrary DNS records within the DNS zone?
If you or computers that you control are the only ones connecting to the site, then it’s better than having a CA-issued certificate (because you know whether it’s right, rather than relying on other people to tell you that it’s right). If you have people connecting from devices that you don’t control, then the Let’s Encrypt certificate may offer better security and convenience in some ways.
The certificate does not make the cryptography inside the connection more secure; it just says “this public key is OK to use when connecting to this site”. If you’re the site operator, you know what public key to use when connecting to your site better than any certificate authority does. But people connecting on their own devices that you don’t control may not know how to tell whether the key is right, and a certificate authority can help with that.