Then, I don't understand why these certificates are not provided through the ACME protocol. Maybe the official letsencrypt server could offer them as an extension of the protocol, through another URI ?
Finally, I don't understand how I should concatenate them. Is it the following ?
[certificate issued by the ACME protocol]
Another thing to note is that you don’t include the root as the relying party needs to already have it, so it’s a waste of bandwidth. In addition if you’re sending the intermediate cross-signed by IdenTrust then the ISRG root is completely irrelevant.
Thanks everybody for your answers, my problems are solved (except the diagram part).
I didn’t use let’s encrypt client cause I needed something that I can program (and I wanted to understand the protocol).
I used https://github.com/diafygi/acme-tiny as an inspiration (especially for the base64 encoding and the JWS things) but I rewrite everything into nice python classes (and I check meticulously combinations of challenges). I hope to release this soon. I also need to look at that https://github.com/veeti/manuale.