Generates proper certificates with a zero failure rate. Not sure how there's a bug with that. The safety is a matter of proper security analysis and not your personal opinion. I'll dump an entire transaction log later today for an issuance. I'm really curious as to what certbot could be doing differently to create such an obvious security hole.