Certbot would be like the supply chain attack holy grail. Not sure I'd want software like that running unmonitored automatically with root privileges.