Certbot certificate has been set up but site cannot be accessed via https

Hi,

I've updated our docs for the Deploy to Apache task to cover some of these common questions:

It looks like you're making good progress, but you also found a bug in Certify The Web for our CA bundle export in the Deploy to Apache task: it's not supposed to include the root cert (generally that doesn't matter). This is fixed in the next update.

Looking at the chain for your site I think you have now correctly pointed your config at the Full Chain export (which doesn't include the root) instead of the CA bundle export. So it looks good.

As noted, from v6.x onwards of Certify The Web we default Let's Encrypt certificates to the modern/unexpired ISRG Root X1 chain because the older DST Root CA X3 chain generally does nothing except cause confusion on Windows-native TLS. We store the chain in our PFX bundle when we acquire the cert, so it's independent of Windows' own path-building.

Apache, however, does not use the Windows native certificate store or cert path building, so you could use the old chain if you prefer by setting Certificate > Advanced > Certificate Authority - Preferred Chain to DST Root CA X3 then re-requesting your certificate.

You probably also want to include a task to restart Apache (or a script to reload it) so that when your cert next renews it gets the updated cert. There are notes on that in the above linked docs.

2 Likes
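The reply above says an exported chain file for Apache should carry the leaf and intermediates but not the root. The following is an added example, not part of the thread or of Certify The Web's code: a stdlib-only check that reads a PEM bundle, compares each certificate's issuer and subject names, and flags a self-issued (root) entry or a broken order. The certificate names and the sample bundle are constructed for illustration.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw DER Name bytes (issuer, subject) from one X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)        # outer Certificate SEQUENCE
    _, pos, end = read_tlv(der, pos)    # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(der, pos)
        fields.append((tag, der[pos:nxt]))
        pos = nxt
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # skip optional [0] version
    return fields[2][1], fields[4][1]   # order: serial, sigAlg, issuer, validity, subject

def audit_chain(pem_text):
    """Findings for a bundle meant to hold leaf + intermediates and no root.
    Compares names only; it does not verify signatures."""
    names = [issuer_and_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    findings = []
    for i, (issuer, subject) in enumerate(names):
        if issuer == subject:
            findings.append(f"cert {i}: self-issued (root) present in bundle")
        elif i + 1 < len(names) and names[i + 1][1] != issuer:
            findings.append(f"cert {i}: next cert is not its issuer")
    return findings

# Constructed sample data: structurally minimal, unsigned, not real certificates.
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths suffice for these samples
def _name(cn):
    atv = _tlv(0x30, _tlv(0x06, b"\x55\x04\x03") + _tlv(0x0C, cn.encode()))
    return _tlv(0x30, _tlv(0x31, atv))
def fake_cert(subject, issuer):
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01")
               + _tlv(0x30, b"") + _name(issuer) + _tlv(0x30, b"") + _name(subject))
    der = _tlv(0x30, tbs + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))
    return f"-----BEGIN CERTIFICATE-----\n{base64.encodebytes(der).decode()}-----END CERTIFICATE-----\n"
LEAF = fake_cert("leaf.example", "Example Intermediate")
INTERMEDIATE = fake_cert("Example Intermediate", "Example Root")
ROOT = fake_cert("Example Root", "Example Root")
```

Calling `audit_chain(open(path).read())` on a real exported PEM file works the same way, since only the standard X.509 field order is assumed.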

OK, thanks! I won't be making a script for that tho, because UwAmp is supposed to be the thing that manages both Apache and MySQL, but thanks for the info!

2 Likes
