Congratulations on getting ISRG Root X1 into NSS.
However, I notice that Mozilla’s automated reports generated from Salesforce don’t include Intermediates signed by this root. I recall that Microsoft, as well as Mozilla is now relying on this Salesforce instance to manage info about CAs, so hopefully keeping this up-to-date helps with getting them to trust ISRG Root X1 too.
Does someone from Let’s Encrypt / ISRG have the Salesforce credentials ? If so, have you uploaded audit records, the list of trusted Intermediates and anything else relevant ? If not, are you waiting on action from Mozilla to make this happen ?