We use IIS on Windows with the win-acme client. Since the root expiry shenanigans, it seems to have become impossible to support serving Android 7 and older in a way which doesn't rely on ill-documented hacks. The root of the problem seems to be that Windows/IIS doesn't support supplying your own certificate chain but will always build it itself from its own certificate store. Meaning it will never consider including the old expired chain unless you resort to forcibly removing or disabling the new chain.
Amongst other issues, this leads to the webserver itself not being able to connect to endpoints which only have the new trusted chain.
Is there any solution in sight to this or do we have to give up and accept that LetsEncrypt is not a viable option for Windows webservers?
My web server is (include version): IIS 10.0.17763.1
The operating system my web server runs on is (include version): Windows
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is: Software version 126.96.36.1992 (release, pluggable, standalone, 64-bit)