I agree, but i think the LE target audience is not you. Their whole thing is to be easy and use the "magic", to get the people who don't want to buy a certificate or deal with the config files, onto good encryption. I'm their audience and now my low-power volunteer run FM radio station website has HTTPS with a recognised CA.

If you use the letsencrypt python client with "certonly --webroot", it will never touch your config files at all. You can add "-n" to make everything non-interactive and command line-only.

If you use letsencrypt with "certonly --apache" (or --nginx, when the nginx plugin is released) it will make only transient changes to your config in order to obtain the cert, and then restore it to the original state before exiting.

If you use letsencrypt with "run" (which is the default command) it will make config changes if those appear to be necessary for installing the cert.

One challenge we've had is how to design the command line interface to ensure that the users who want maximum automation get it, and the users who want maximum manual control also get that. Both set of behaviour are available.