Certificates from Let's Encrypt (R3 active)

Let's Encrypt has announced that, as of today, the TLS certificates issuedby the Let's Encrypt certificate authority are using a new intermediatecertificate. "While LE will start using their new _roots_ next year, the change todayis using a _variant_ of their "R3" certificate which is cross-signedfrom IdenTrust, rather than chaining back to their "ISRG Root X1".This will affect you if you're using DANE, TLSA records in DNS, signedby DNSSEC, to advertise properties of the certificate chain which remotesystems should expect to see."