As you can see in these two bugzilla issues, our own root certificate, ISRG Root X1, has now been merged into the NSS library used by Firefox, which means that Firefox will trust our root certificate directly.
Note that our Let’s Encrypt Authority X3 and X4 intermediates are currently only signed by DST Root X3. We will continue to recommend that you configure your server to serve those cross-signed intermediates for quite a while, since it will take a long time before a significant fraction of user agents trusts ISRG Root X1 directly. We’ll provide updates on a recommended migration plan once our root is more widely distributed.
ACME clients should always default to using the certificate chain provided by the API, rather than hard coding specific intermediates.
Very excited to reach this milestone!