I love how none of the example "dependencies" they give should be using a public CA in the first place.

Given some of the internal CA systems I've dealt with in the past, I'd almost prefer a public CA in some cases. Sometimes your internal CA is just the group with manual access to the certificate provisioning and signing systems with either no API or some awful re-implemented API.

I'm curious if people other than LE have tried deploying Boulder in production, now that it exists. It seems like it's probably close to what a public CA wants.

Ideally you'd have some way of tying it into some internal authorization database instead of relying on HTTP challenges, but HTTP challenges would work too.

https://github.com/letsencrypt/boulder