Phishing sites are starting to get more secure than legit sites

That’s because LetsEncrypt is not (or did not) do it’s due diligence. A simple reflex could have prevented the issuance of such a cert.

This is the inherent problem with DOMAIN validated certificates as a whole. I guess you get what you pay for. ;D