You are right.
My current plan is:
- Short term: Stick with LE and configure client to explicitly request the long chain. This buys me some time (until June 2024 instead of Feb 2024)
- Mid/long term: Evaluate whether we need to switch to a different CA (most probably that would be ZeroSSL) or announce that we drop support for devices running Android 7 and earlier.