Perfect!
I'm not sure it's technically/legally/contractually possible but a cross-sign from a Let's Encrypt intermediate already cross-signed by DST Root CA X3 should is probably another solution (but maybe not a good one, as it's add a level in the chain to send, which increase the handshake size, where one of the objective of ECDSA is to reduce it.)
Yes! Of course, it's the priority without any doubts. These questions just needed to be asked before it was too late and some irremediable steps took place.
Thanks a lot for these answers, and all the awesome work you all do, making the internet a safer place!