Actually, you're paying for the private key and the certificate that encapsulates the public key, which is signed by another key or by the private key. But for brevity I said key.

And as far as trust goes, there would be nothing stopping a CA from selling its services and signing a PGP key, just like they do now for certs. There would also be nothing stopping multiple CAs from signing a key if a site wanted that. And for random sites, they might prefer to have their site signed by their wholesaler, bank, accountant, business federation or whatever. Those keys might be signed by other signers, which could lead back to a CA. Browsers could also ship some of these signatories if they wished, just like a trust store.

But unfortunately it didn't happen. So now CAs are the problem, and we have workaround bodges like Let's Encrypt trying to shoehorn themselves into a fragile system that wasn't designed for it.

