IMHO, those aren't fraudulent certificates; they established effective control of the hostname, which is all a certificate implies. They didn't have authorization from the owner of the domain, but Let's Encrypt doesn't include ownership information, so there's no fraud there. Of course, this means someone who can MITM a whole server can also have a certificate issued to show everyone they're authentic.
You could potentially protect against this by cert pinning to a CA that won't issue to an interloper, or possibly using CAA records in DNS if you can be confident your DNS won't be MITMed or changed out from under you buy your registry. DNSSEC helps, if your registry (and the root) won't fold under pressure, but not if they do ... and DNSSEC is in the top 3 causes of high profile DNS failures in my estimation.
You could potentially protect against this by cert pinning to a CA that won't issue to an interloper, or possibly using CAA records in DNS if you can be confident your DNS won't be MITMed or changed out from under you buy your registry. DNSSEC helps, if your registry (and the root) won't fold under pressure, but not if they do ... and DNSSEC is in the top 3 causes of high profile DNS failures in my estimation.