Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Unfortunately you can't use Let's Encrypt certificates for code signing (Certificates have a set of purposes that the CA validate them for use with, in the case of LE certs that's just server identity and client identity based on domain name)..
Traditionally you would purchase a code signing certificate from Comodo/Sectigo etc - this now involves proving your own identity, usually things like submitting a photo of your government ID next to yourself etc.Recently Code Signing has gotten a little more complex because there is a requirement for private keys to be held in hardware security modules nad increasingly people will need to use cloud services that have this setup for them. An example is Azure Code Signing (currently in preview), which I will probably move to myself eventually.
It's been a problem for about 20yrs to varying degrees. The easiest way to publish signed software is to publish through the respective platform apps stores (like Windows Store, Mac Store etc) because those distribution channels handle the signing.
Plenty of tools (hundreds of thousands, if not millions of them) are still distributed as standard downloads with no signing and they just put up with the OS warnings, it's an impediment but it's usually not a blocker.
I have to agree with Christopher [@webprofusion].
I'd much rather install an app from a "trusted store" than from "Random Internet Software Company" [even if that software is "signed" by them].
The signature [to me] only means no one else has messed with it - it doesn't mean it is NOT malicious.
Much like the lock provided by HTTPS - it doesn't mean the content is safe, it only means you are getting the original content without anyone tampering with it along the way.