Replacing LE cert due to expiry issue

Welcome to the Let's Encrypt Community :slightly_smiling_face:


Currently, is serving the long/default chain. You could try serving the short/alternate chain by removing the last intermediate certificate from your chain (cross-signed ISRG Root X1 signed by DST Root CA X3).

Your analysis is correct. See @Osiris's post below.

No. You can just point your Apache configuration (using the bitnami tools, not directly) to the other certificate, chain, and key then let the Let's Encrypt certificate expire naturally. No need for revocation.