It appears that this has been an issue since at least 2021 strongSwan and X3 to R3 transition
Edit: I misunderstood the FAQ and though that only the end entity certificate would be served. Since YR* is served, then trusting YR on the clients could provide a fix.