If letsencrypt can provide certificate with necessary OID's, the cost is nothing.
I.e. this certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18 (0x12)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=RU, L=Moscow, CN=Andrey Repin/emailAddress=anrdaemon@rootdir.org
Validity
Not Before: Feb 5 02:58:22 2015 GMT
Not After : Feb 6 02:58:22 2016 GMT
Subject: C=RU, L=Moscow, CN=Andrey Repin
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d6:28:cf:1d:63:ea:05:b8:ba:b0:07:4e:ba:0b:
70:3e:1f:f3:87:10:dd:b4:cb:bd:22:9e:72:a2:62:
47:03:1c:67:f7:d2:b1:fc:c1:89:80:2a:16:7e:7b:
51:70:13:c7:33:6c:a2:a5:a3:e4:b9:0a:a4:98:73:
02:1f:ae:af:1a:f1:dd:56:e1:a4:fd:27:48:9f:44:
91:f9:1d:e5:ac:9e:27:b9:d0:41:e3:c7:ca:61:28:
4e:b6:5f:85:7d:2a:27:61:01:2e:6d:f7:fc:57:cc:
77:9e:83:f6:b9:76:67:5f:f9:0c:f1:50:12:3f:ee:
55:8c:82:b7:07:46:23:55:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, E-mail Protection, Code Signing
X509v3 Subject Key Identifier:
81:FA:6C:44:4A:68:FB:3B:51:79:D8:A8:B5:00:D4:A3:9D:30:47:89
X509v3 Authority Key Identifier:
keyid:4D:1E:89:9B:E7:9B:AA:75:2E:99:C9:AE:0C:B8:87:C0:D1:A4:05:63
DirName:/C=RU/L=Moscow/CN=Andrey Repin/emailAddress=anrdaemon@rootdir.org
serial:B5:1C:66:2B:1B:0A:E5:1E
X509v3 Issuer Alternative Name:
email:anrdaemon@rootdir.org
Authority Information Access:
CA Issuers - URI:https://ca.rootdir.org/
X509v3 CRL Distribution Points:
Full Name:
URI:https://ca.rootdir.org/ca.crl
is used to sign LiteStep modules (http://forums.litestep.info/viewtopic.php?id=408) built by me.