I should also mention, I copied the certificates to a new server, and that server sent out the correct X3 certificate chain.
So, in other words, it doesn’t seem to be a problem with the browser/client, it doesn’t seem to be a problem with the certificates/LE client, which to me leaves only the server software itself as the issue.
I’ve used this client for generating certs - https://github.com/Lone-Coder/letsencrypt-win-simple
However, others have also used it (not on IIS 8.5) and been able to get things back to working just fine once removing the X1 intermediate cert - https://github.com/Lone-Coder/letsencrypt-win-simple/issues/177
Plus, as noted above, the certs work just fine on a new server.