Notification of New Intermediate CAs

I’m reaching out to ask if there is a way to receive notifications when Let’s Encrypt introduces a new intermediate CA or rotates existing ones. We want to ensure our systems remain up-to-date and avoid any disruptions during certificate renewals.

Could you please advise if there is an official mailing list, RSS feed, or other mechanism for these announcements?

Changes are announced in the API Announcements category. You can subscribe to that section in this forum to be notified.

That said, you shouldn't be "pinning" intermediates. The needed ones are returned by LE when requesting the cert.

There are intermediates held back for emergency purposes. I am not sure how LE would alert about that. See: Chains of Trust - Let's Encrypt

4 Likes

The Integration Guide suggests subscribing to the API Announcements category on this forum. There's also a Technical Updates mailing list which a Let's Encrypt staff member recommends as the preferred method. They generally have the same things posted to them, in my experience, though I think they may be trying to move people towards the mailing lists in general.

But most well-set-up systems shouldn't care when the intermediates change; if you post more about why your system does, people may have suggestions on possible improvements.

3 Likes

In addition to the API Announcements here on the forum and the technical updates mailing list, you can also follow the Blog - Let's Encrypt, where we post large announcements. Since you mentioned RSS, our blog has an RSS feed available. You should be able to put letsencrypt.org into most RSS readers to get that.

4 Likes

The issuing intermediate certificate is supplied by the ACME server combined with the end leaf certificate at issuance. Your systems should simply use that one.

2 Likes

All of the suggestions above -- API Announcements, Technical Updates mailing list, and blog RSS feed -- are good. But I'll also restate one thing that's easy to miss: we may change issuing intermediates at any time with no warning. You should build your systems to use the intermediates that are provided by ACME when your client downloads the certificate, and not have any systems which require manual intervention when those intermediates change.

6 Likes
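
A renewal step that follows the advice in this thread, as an added example that is not part of any post above and is not Let's Encrypt or ACME client code: it always installs the chain the ACME server returned and only reports a changed intermediate for logging. The function names (`split_chain`, `plan_deploy`, `pem_wrap`) are hypothetical, and the sample chains are constructed stand-in bytes, not real certificates.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S
)

def split_chain(fullchain_pem):
    """Return (leaf_der, [intermediate_der, ...]) from an ACME chain download.

    RFC 8555 section 7.4.2: the end-entity certificate comes first and each
    following certificate should certify the one before it.
    """
    blocks = PEM_BLOCK.findall(fullchain_pem)
    ders = [base64.b64decode("".join(b.split())) for b in blocks]
    if not ders:
        raise ValueError("no certificates in ACME response")
    return ders[0], ders[1:]

def fingerprints(ders):
    """SHA-256 over the DER bytes of each certificate, in chain order."""
    return [hashlib.sha256(d).hexdigest() for d in ders]

def plan_deploy(new_fullchain, old_fullchain=None):
    """Decide what to install after a renewal.

    The chain ACME returned is always installed. A changed intermediate is
    reported so it can be logged; it is never treated as an error.
    """
    new_fp = fingerprints(split_chain(new_fullchain)[1])
    old_fp = fingerprints(split_chain(old_fullchain)[1]) if old_fullchain else None
    return {
        "install": new_fullchain,
        "intermediates_changed": old_fp is not None and new_fp != old_fp,
        "intermediate_sha256": new_fp,
    }

def pem_wrap(der):
    """Build a PEM block for the constructed sample data below."""
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

# Constructed stand-ins for DER bytes (not real certificates).
OLD_CHAIN = pem_wrap(b"leaf-1") + pem_wrap(b"intermediate-A")
NEW_CHAIN = pem_wrap(b"leaf-2") + pem_wrap(b"intermediate-B")

if __name__ == "__main__":
    result = plan_deploy(NEW_CHAIN, OLD_CHAIN)
    print("intermediates changed:", result["intermediates_changed"])
```
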