You're not supposed to send root certificates as part of the chain. You should include the intermediate certificate which is directly used to sign the end leaf certificate: it's missing currently:
osiris@erazer ~ $ openssl s_client -connect cms.ci-systems.com:443
CONNECTED(00000003)
depth=0 CN = cms.ci-systems.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = cms.ci-systems.com
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = cms.ci-systems.com
verify return:1
---
Certificate chain
0 s:CN = cms.ci-systems.com
i:C = US, O = Let's Encrypt, CN = R3
---
(...)
The ACME client you used should have provided it to you. As you can see from the output I've pasted above, your certificate is signed by the "R3" intermediate certificate from "Let's Encrypt".
I don't know, I have zero experience with Windows Server. Usually, the ACME client used would have installed the certificate for you, including the correct intermediate certificate. Unfortunately, you've chosen to remove a lot of the questions in the questionnaire, including which ACME client you've used.
In that case you might want to check the Certify The Web Community Forum as most experience on the Let's Encrypt Community (this one) is with certbot and some other Linux ACME clients.