The default certificate chain that Let's Encrypt uses changed on May 4th (see here). If this is the first time your certificate renewed since that date, then I would guess your issue is related to that event.
I think, things depend on how you have programmed the SSL library on the ESP8266 device. From reading some documents, it doesn't look like these devices have a set of CAs that they trust. Would you be able to answer the question: what CA certificates do you have your devices set to trust?