Need to include letsencrypt CA to support letsencrypt usage by Openfire
Openfire's distributed truststore already has "dst_root_ca_x3", so I have taken the liberty to hijack this ticket to be more general "update truststore" to match what Mozilla provides
dwd's previous commit may just need to be repeated then. I don't have immediate access to the same directory structure
FYI - as of JDK/JRE 8u102 - letsencrypt upstream CA is included in the default trust store.
So I don't think the latest debian ca-certificates package has letsencrypt CA included, so dwd's approach above won't work in this case (still would be worth doing though). Anyway, while JRE 8 now includes this, openfire does not use it, but provides it own local truststore.