Certificates don't certify that the site you're connecting to is legitimate. They don't certify that the people using it are who they are claiming to be. And they definitely don't certify that the server you're connecting to is secure (unless by that you mean it supports TLS/HTTPS, period).
Certificates only certify that the people that were in control of the domain when the CA performed the check are the same people that are running the server you're connecting to now.
But if you don't read T&C of CAs that may come to you as a surprise...
so, please, tell me, where exactly is the failure on Let's Encrypt part?