I want to try again with the explanation. i.e. If you can't understand, it's my fault. DNS encryption ensures nobody, but you, can see your traffic. DNS signing proves the data you receive is the same that was sent. A central key issuer, like LetsEncrypt is considered more trusted than an individual key issuer, like you, because their keys can be verified against a known organisation. So a company with a reputation has verified you are valid.