after you sold a .gov then any discussion about not supporting your root means denying users access to that .gov service.

None of this is a "big business". I think thirty years ago there was probably a perception that it could be a big business, it's potentially a license to print money, but sufficient incompetence got them here instead. Look at ISRG's volumes, that's the potential volume available in the Web PKI, but that's at $0, we know the resistance to even low prices is fierce.

If you asked people from the for-profit CAs about Let's Encrypt before it launched, the impression you'd get was that they're issuing a lot more certificates and this doesn't matter. Millions per day? Ha, we'd barely notice. That was all bluster, they were never doing that.

I think Apple probably had the best shot to turn this into free money. Apple's customers are very willing to pay more than something appears to cost on the basis that it's Apple so it's worth it. I think you'd struggle a lot more to undercut a $10 Apple PKI product with a free offering that's identical because Apple's customers are used to justifying why they spent more money on the same thing with the logo on it, and they are able to be completely irrational about it and it's OK - a brand rep would look unhinged if they violently attack people who point out that it's bullshit, loyal fans will get understanding or even praise.

I actually thought about 10-15 years ago that Apple was about to do this, but they didn't and once Let's Encrypt happens there's no room really. Apple does still make money off some places where they're sole issuer and get to charge arbitrarily for doing nothing, but not like they would if they'd seized the entire Web PKI.