The Certificate Authorities are specifically forbidden from doing this because it's so obviously a terrible idea. Many of them also require that their resellers (obviously Let's Encrypt basically doesn't have resellers because that's stupid) also do not do this because it's a terrible idea.

But yes, you're correct that, especially when "cheap SSL" was a thing, outfits which did this really existed. In fact one of the companies which did this, and then deliberately revealed customer keys, resulting in all the affected certificates being revoked, isn't even bankrupt so apparently their customers are so stupid than they're still paying money for a service that's much worse than useless. Not an optimistic thought about humanity.