Thanks for sharing this. This mainly affects Windows servers that rely on the OS trust store, especially IIS, where the new Let’s Encrypt YE/YR roots may not yet be trusted by some clients. For now, using the older chain where possible or ensuring clients have updated root certificates seems to be the safest workaround. Apache/Nginx setups appear largely unaffected as you mentioned.