To be fair to Certbot you can also use certonly to do achieve the same thing (not messing with your config).
I think because you use Apache 2.4.6, you still need to use a separate SSLCertificateChainFile directive. The "combined" certificate format was introduced to Apache in 2.4.8.
SSLCertificateFile /var/lib/acme/live/rodaw.net/cert
SSLCertificateChainFile /var/lib/acme/live/rodaw.net/chain
If you go the self-managed path, the Mozilla SSL generator will give you a standalone configuration for whatever webserver and webserver version you ask it, so you don't even need to include /etc/letsencrypt/options-ssl-apache.conf.