RHEL/CentOS 7 OpenSSL client compatibility after new chain

I pushed an update to certbot in EPEL 7 so you can also use --preferred-chain as in certbot 1.12+: Certbot update for CentOS 7: use --prefered-chain to select a shorter chain