by foxfluff 1653 days ago
LE also forces you to rely on DNS, which is highly centralized..
2 comments

How is DNS centralised?
All roads lead to . [0], i.e. IANA. Many IANA-approved entities run them[1], but they all only resolve TLDs ICANN authorizes (and those TLD operators control what domains are registered under their TLD, of course).

0: https://dns.google/query?name=.&rr_type=NS&ecs=

1: https://www.iana.org/domains/root/servers

Well, on a technical level there are root servers. But DNS is a hierarchy and so if the root servers ever tried to pull a fast one there are second-in-command authorities that could take over: the ccTLD orgs. People would rather follow their lead than ICANN, so they have the real power. I'm pretty sure this is by design.
What CA doesn't?
I don't think it was meant as a criticism, just a statement of the current status quo, which is inherently rooted in the centralized DNS.
There are many CAs that give certs for IPs. LE won't.

Not that it's much better. IPs are still granted to you by someone in a centralized hierarchy.