
Anyone concerned with the amount of fraud that will come from this? Won't bad actors utilize this to https all of their phishing sites?


These certs are to verify you control the domain name, not that you are who you say you are. Those certificates are much more complicated and expensive. See https://letsencrypt.org/2015/10/29/phishing-and-malware.html for more information


What is the value of checking Google's Safe Browsing API before issuing a certificate when the browser can/should use the same Safe Browsing API to block the phishing website? Move the policy to the user agent.


The vast majority of phishing websites I seem to encounter these days are all wrapped in HTTPS by Cloudflare.

Seems that Let's Encrypt is unlikely to make the problem any worse!


What benefit would a phishing site have with https that they didn't have without it?


The green padlock that casual users might misinterpret as meaning "to be trusted".


If you look at Chrome's change to https indicators, they give these sites with auto-issued certs the lock so users will interpret it as "secure". Seems easy to create fraud sites and give them a legitimate site look.


Also discussed at

https://community.letsencrypt.org/t/the-cas-role-in-fighting...

which is the official discussion thread for Josh's article on this topic.



