We are using several letsencrypt certificates in our Org. We came to know that ISRG root will be used by default when we provision certificate using certbot. Please tell us the steps to manually configure our servers to continue using the cross-signature from IdenTrust (DST root) using certbot.
Swap out chain.pem with the intermediate certificate signed by the DST root (it could be that file isn’t used by your software, but I guess it’s good practice to keep everything the same; also, I’m using chain.pem in the next example ). You’d also need to modify or remake fullchain.pem (cat cert.pem chain.pem > fullchain.pem) as that file also contains the intermediate certificate.