Let's Encrypt root certificate still isn't trusted. Shame on you, Oracle. If you want to trust website using it, perform these steps:

First you must have your chain.pem file (out-of-the-box it's here: /etc/letsencrypt/live/YOUR-WEBSITE.com/chain.pem). Next run:

keytool -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -importcert -file chain.pem

Note: If you use Eclipse, make sure you're using the JDK (not JRE). Also if you have multiple JDKs, make sure you use the right one.

EDIT: Since Java 8u101 is Let's encrypt trusted! YAY! https://twitter.com/OndroNR/status/755509016957181961