Check chains ourselves #20
Description
"[INFO] lego has been configured to prefer certificate chains with issuer "Pebble Root CA", but no chain from the CA matched this issuer. Using the default certificate chain instead."
Lego supports specifying a chain to use, but if that chain doesn't exist, it'll switch to the default chain. That's not what we want (though is reasonable behaviour for Lego outside of this unusual situation).
We should verify ourselves, but we probably don't need to do anything fancier than that.