I've wondered if this issue could have been solved a long time ago by commercial companies (the way LetsEncrypt solves it or similar), it just wasn't as good business :-)
Heh. If the CAs had done this ages ago the cost of certs would have collapsed. I can't help but think that collusion between the CAs was a regular thing to prevent something like LE from happening in order to prevent the business model from souring.
I'd imagine so. I also like the approach that Amazon has taken with its recently launched AWS Certificate Manager. You can create as many SSL certificates as you like free of cost, even wild-card ones (which if I am correct Let's Encrypt does not support yet), and the AWS Certificate Manager takes care of the rest. The only restrictions, off the top of what I've read, are: 1) You have to be using the AWS infrastructure; b) You'd have to use their load balancer or CDN solutions, against which the certificates are placed.