Building in root certs into java

http://www.oracle.com/technetwork/java/javase/javasecarootcertsprogram-1876540.html

You can go there to apply to get your root certs built-into java.

https://bugs.openjdk.java.net/browse/JDK-8154757 covers adding the DST Root CA X3 certificate to Java, this has cross-signed the Let’s Encrypt intermediates and so once this change is backported to the Java version you run it will trust Let’s Encrypt end-entity certificates out of the box.