Questions re: OpenSSL Client Compatibility Changes for Let’s Encrypt Certificates

Just so I'm understanding fully, we're talking about:

  • the API endpoint serving the shorter chain (rooted at self-signed ISRG Root X1) to ACME clients for purposes of securing the ACME transactions
  • the production primary chain becoming the longer chain (rooted at ISRG Root X1 signed by DST Root CA X3)
  • the production alternate chain remaining the shorter chain (rooted at self-signed ISRG Root X1)

Thus the only change to the upcoming production primary chain is this:

leaf <- R3 <- DST Root CA X3

becomes this:

leaf <- R3 <- ISRG Root X1 <- DST Root CA X3
