Yes. I've always redirected the apex domain to the www subdomain. So since no real issue is created by the failing DST Root CA X3 short path, I'll take it to be good enough for now.
The other issue, of course, is the lack of SNI support. Since to my understanding that's only an issue for non-SNI browsers, I suppose it's another low-priority concern. I did try adding the SSLStrictSNIVHostCheck directive to the default vhost (in both off and on states), as well as to some of the other vhosts (in both off and on states). But any combination resulted in ssl labs continuing to report the SNI error. As such, I'm guessing something else needs to be done to resolve the matter. However, since it's no huge issue either, I'm not inclined to waste more time on it for now.
Again, thanks for the insights!