KeyStore / ISRG Root X1

When requesting a certificate, we're returned the following Root CA:

ISRG Root X1
Expires: Sep 30 2024 18:14:03 GMT
Serial: 40:01:77:21:37:d4:e9:42:b8:ee:76:aa:3c:64:0a:b7

We're in the process of updating/adding the new Let's Encrypt "ISRG Root X1" (a bit of an overhead) to our application keystores. We would just like to confirm that we wouldn't have any issues in the future loading the following Root CA (basically to take advantage of the extended expiry date):

ISRG Root X1
Expires: Jun 04 2035 11:04:38 GMT
Serial: 82:10:CF:B0:D2:40:E3:59:44:63:E0:BB:63:82:8B:00

I'm sure I can and it shouldn't be an issue, seeing that Let's Encrypt are already distributing the cert, but I would just like confirmation.


I'm not sure what information you're looking for beyond what's on the Chain of Trust page.

If your applications have trust stores that are challenging to update (like an embedded device type scenario), it's generally recommended to have at least one other CA in your trust store too, possibly one you run yourself, just in case there's some problem (procedural, technical, financial, or otherwise) with getting Let's Encrypt certificates in the future. But if all you're looking for is how to add Let's Encrypt's roots, then yes you just need ISRG Root X1. (Though I would also add ISRG Root X2 while I was at it, but then again I'm irrationally excited about using ECDSA.)


Welcome to the Let's Encrypt Community, Reid 🙂

It never ceases to amaze me when I read the word "new" associated with this:

Not Before: Jun 4 11:04:38 2015 GMT

I can confirm though that you have mentioned the correct root certificate. I'm referring to the second one you mentioned, which is a true root certificate as @Nummer378 describes below.

The ISRG Root X2 certificate that @petercooperjr is suggesting that you additionally add is this one:

Thank you


Thank you both for replying.


You are quite welcome. 😊

I think @Nummer378 has some additional useful information coming, so stay tuned.


This is ISRG Root X1 signed by DST Root CA X3 - a cross sign of ISRG Root X1. Given that it's not self-signed, it's not a root certificate by BR definition.

This is the actual root certificate. Both certificates share the same keypair though.

When adding certificates to your trust store, you should prefer the self-signed version of ISRG Root X1, as that's less likely to cause trouble later (not only is the self-signed version valid for longer, its issuer field also points to itself, which helps some validators).

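The distinction drawn in the reply above (a cross-signed and a self-signed certificate with the same subject and key pair), as an added example that is not part of the original thread: a shell check that a PEM file is a true self-signed root before it goes into a trust store. It assumes the `openssl` CLI is installed; the certificates are throwaway ones generated locally with constructed names, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Certificates are throwaway ones generated locally with
# constructed names; they are not the real ISRG or DST certificates.

# SHA-256 over the PEM-encoded public key, used to compare key pairs.
spki_hash() {
  openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 -r | cut -d' ' -f1
}

# True only if subject == issuer and the signature verifies under the
# certificate's own key (verify also rejects an expired certificate).
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Build an old root, a new self-signed root, and a cross-sign of the new
# root's key by the old root (same subject and key, different issuer).
make_demo_certs() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Constructed Old Root" \
    -keyout "$d/old.key" -out "$d/old-root.pem" 2>/dev/null
  openssl genrsa -out "$d/new.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$d/new.key" -days 365 \
    -subj "/CN=Constructed New Root" -out "$d/new-self.pem" 2>/dev/null
  openssl req -new -key "$d/new.key" \
    -subj "/CN=Constructed New Root" -out "$d/new.csr" 2>/dev/null
  openssl x509 -req -in "$d/new.csr" -days 30 -CAcreateserial \
    -CA "$d/old-root.pem" -CAkey "$d/old.key" \
    -out "$d/new-cross.pem" 2>/dev/null
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
make_demo_certs "$demo"
for c in new-self.pem new-cross.pem; do
  if is_self_signed "$demo/$c"; then
    kind="self-signed root (preferred trust-store entry)"
  else
    kind="not self-signed (cross-sign)"
  fi
  printf '%s key=%.16s %s\n' "$c" "$(spki_hash "$demo/$c")" "$kind"
done
```

Both demo certificates print the same key hash, which is why comparing subject and key alone cannot tell the two apart; the issuer and signature check does.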
