So got my beta certificates, and got them installed into my nginx server (even managed to figure out why OCSP stapling wasn’t working and got that fixed), and everything is happy.
Until I switched my XMPP server (Prosody) over to using it.
Pidgin on Ubuntu 12.04 happily accepts it as a trusted certificate, as does Adium on Mac OSX. However, Pidgin on Windows says it isn’t signed by any trusted CA. Apparently, at least on Windows, Pidgin maintains its own entirely separate store of CA roots.
I’ve opened two tickets with the Pidgin team, one to have IdenTrust’s root added (really why weren’t they already there?), and another to have Let’s Encrypt’s root added. Would be a great boon if folks could head over there and help boost the signal on either/both of these issues, and perhaps encourage the team to get them incorporated into Pidgin sooner (there’s requests for root CAs going back months and even years that have had absolutely no movement). Maybe some of the LE team could offer a little extra encouragement, too.