We had planned on looking at using Letsencrypt certs when out current wildcard expired in July. This was prematurely invalidated further up the chain and so we (like so many others) had to act quickly to replace our certificates. We managed to get the services on one server running with Letsencrypt certificates before we were issued with a free replacement (with an additional 18 months on it) for the invalidated certificate. On the server we managed to switch over we were issued with a certificate, chain (intermediate) certificate and a key. With the release of wildcard certs I have managed to get us a wildcard certificate issued by Letsencrypt, but we only received a fullchain and key. I have installed these on one service so far and as expected (I have had this issue before) Firefox does not like this setup. Most browsers seem to be able to parse the fullchain and break it down, but Firefox looks at the top of the fullcert, takes the first part off and ignores the rest looking for an independant chain file.To go round this I need to break the fullchain into 2 files which is a pain with autorenewal. I think this is a simple task with a nice script, but I only started in this sector a couple of months ago and still need to aquire the finesse that I see in many of the posts here
I just wondered why the decision was taken to provide 2 files for the wildcards while the standard certificates have 3 files. Is it a change between ACMEv1 and ACMEv2?