I had a lazily configured proxy which would request a cert for any domain you threw at it. An attacker figured this out and started peppering it with http requests with randomly generated subdomains prefixed. When I discovered it, my first thought wasn’t, “Oh, I hope I didn’t get flagged by Let’s Encrypt.” It was, “Oh, man. I feel really bad that my laziness caused undue load on Let’s Encrypt.”

Let’s Encrypt is the best thing to happen to the web in at least a decade.