But the reality is that it is too simple to communicate secretly
and the government has an interest in protecting its citizens
If I use a third party CA this is correct. But what third party can read communications over HTTPS between a client and a server I control with a self signed SSL cert?
TLSv1.2 has Perfect Forward Secrecy with DHE and ECDHE key exchanges and in TLSv1.3 PFS is mandatory. A compromised root CA or even leaf certificate these days protects you from a man-in-the-middle and not a whole lot else - the certificate private key is never used for session key derivation and the keys themselves are ephemeral and never sent over the wire so even intercepting the key exchange doesn't allow decryption of the stream.
The CAs have never been supposed to know your private key. For a long time now it's straight up forbidden on pain of removal from trust stores for the CAs to learn somebody else's private keys.
For the example of Let's Encrypt your client probably picks a private key and stores it where your web server can use it, but it never sends this key to anybody else. In fact if you care you can even have the key chosen by the web server and literally never send that key to the Let's Encrypt client at all, the client picks up a "Certificate Signing Request" and it goes OK, I see you want a certificate for some key you know but I don't, that's cool I will go ask Let's Encrypt to issue a certificate for that and let you know.
Btw. The https communication comparison does not hold, there is always a third party that can read what you say. E2E chats are effectively communication where evidence is instantly destroyed.
Want to have a private communication, I think offline is the right approach.
I agree that it sucks, but it’s probably not about you. It’s about nefarious people that use this as an uber advantage.