As a follow-up, I petitioned iTunes support via the PodcastsConnect website. After quite a bit of back and forth helping them understand the nature of the issue, my ticket was escalated.
Ultimately, here's the response I got:
To continue using SSL, many podcasters note the follow SSL certificate work well. Consider using one of the following ( iTunes will update in 24 hours):
Or, redirect to a non-SSL feed. iTunes will update in 24 hours.
(I've removed the links for obvious reasons)
Sadly, it doesn't seem possible (at this time) to cut through the bureaucracy at Apple far enough to have them take a second look at this issue.
So, I've been forced to switch to a commercial cert in order to allow our podcast listing to be updated. I'll continue to use LE for other purposes, but for our main website / podcast, it hasn't worked out because of this Apple / iTunes issue.