Let's Encrypt?

Hi Folks, I'm  sure this isn't the right list for this question, but it will have to do. In downloading the Leap 15.5 ISO I noticed that the TLS cert is issued by Let's Encrypt.  This is rather concerning considering all the current supply-chain security issues. Does Let's Encrypt still use a one-step domain verification process?  If so, how can it really be trusted for something as important as an operating system?  How can we be sure we're not downloading malware without strong domain verification of the source? Regards, Lew