Indeed I wish Let's Encrypt could issue those so-called "Microsoft Authenticode" certificates. That was their ambition a few years ago. We're still waiting but it looks like it's not as simple as it sounds [insert the conspiracy theory you want here] :-(