Hi, just to confirm - older versions of Windows Server, especially those upgraded in place from Server 2008 etc occasionally do not support (automatically) ECDSA cipher suites with TLS1.2. So yes, you do need to have an RSA leaf available to talk to those ones.
For Certify The Web we pay cloudflare $10 a month for a "universal certificate" (serving RSA or EC depending what the client can use) so those older clients can still talk to our API, but obviously we don't control CA ACME APIs.
Registry changes or IISCrypto can be used to enable TLS 1.2 support (if not yet enabled) and related intersecting cipher suites.