Yes, private suffixes are included. It has already caused a spike in new PSL submissions[1].
You're right about this being rather easy to bypass, but the main goal is probably not to mitigate against abuse but rather prevent buggy automation scripts stuck in some kind of infinite loop from DDoSing them.
You're right about this being rather easy to bypass, but the main goal is probably not to mitigate against abuse but rather prevent buggy automation scripts stuck in some kind of infinite loop from DDoSing them.
[1]: https://community.letsencrypt.org/t/dyndns-no-ip-managed-dns...