unixcharles / acme-client

A Ruby client for the letsencrypt's ACME protocol.

Obsolete Let's Encrypt note in README.md?

GProst opened this issue · comments

Is this still accurate info? https://github.com/unixcharles/acme-client#ordering-an-alternative-certificate
I believe Let's Encrypt decided to not switch chains so it should continue working with the default chain? Links:

So it seems like order.certificate should work and no changes needed, am I correct?

BTW, we're having an issue because order.certificate uses alternative short chain that's not supported by old Android devices, calling order.certificate(force_chain: 'DST Root CA X3') doesn't help, it still uses the short chain without 'DST Root CA X3' for some reason...

Ah, never mind the second comment, our code just assumed that the chain consists of 2 certs for some reason and the third one was skipped. Didn't know it would work...

force_chain has the opposite issue. It always downloads the 'DST ROOT CA X3' chain :/
There could be something like this...

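# Reopen the gem's ChainIdentifier so that force_chain matches only the
# issuer of the last certificate in the chain, not any issuer in it.
class Acme::Client
  class ChainIdentifier
    def match_name?(name)
      issuers.last.include?("/CN=#{name}") if issuers.any?
    end
  end
end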

@beam Thanks for that solution, worked great for us.

EXPECTED_TERMINAL_CERT_CN = 'ISRG Root X1'
order.certificate(force_chain: EXPECTED_TERMINAL_CERT_CN)

Closing since it's not too relevant nowadays.

I would be open to adding a method to download alternate certificates from the alternate HTTP header and let the end user figure out which cert they want to use, if that's useful to anyone.
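
Added example, not part of the thread and not acme-client's own code: the sketch below shows why matching the requested name against any issuer in the chain selects the long 'DST Root CA X3' chain even when 'ISRG Root X1' is requested, while matching only the last certificate's issuer selects the short chain. The helper names, the `R3` and `example.test` names and the self-made certificates are constructed for illustration.

```ruby
require 'openssl'

# Constructed stand-in certificates: only the subject/issuer names matter here.
KEY = OpenSSL::PKey::RSA.new(2048)

def fake_cert(subject_cn, issuer_cn)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{subject_cn}")
  cert.issuer = OpenSSL::X509::Name.parse("/CN=#{issuer_cn}")
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(KEY, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

# Split a PEM bundle into certificates and return each issuer DN as a string.
def issuers(pem_chain)
  pem_chain.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
           .map { |pem| OpenSSL::X509::Certificate.new(pem).issuer.to_s }
end

# Loose check: the name appears as an issuer anywhere in the chain.
def any_issuer_match?(pem_chain, name)
  issuers(pem_chain).any? { |issuer| issuer.include?("/CN=#{name}") }
end

# Strict check: the last certificate in the chain is issued by the name.
def terminal_issuer_match?(pem_chain, name)
  list = issuers(pem_chain)
  list.any? && list.last.include?("/CN=#{name}")
end

# Default (long) chain first, alternate (short) chain second.
LONG_CHAIN = fake_cert('example.test', 'R3') + fake_cert('R3', 'ISRG Root X1') +
             fake_cert('ISRG Root X1', 'DST Root CA X3')
SHORT_CHAIN = fake_cert('example.test', 'R3') + fake_cert('R3', 'ISRG Root X1')
CHAINS = { long: LONG_CHAIN, short: SHORT_CHAIN }.freeze

# Return the label of the first chain accepted by the given matcher, or nil.
def pick(chains, name, matcher)
  chains.find { |_label, pem| send(matcher, pem, name) }&.first
end

puts pick(CHAINS, 'ISRG Root X1', :any_issuer_match?)
puts pick(CHAINS, 'ISRG Root X1', :terminal_issuer_match?)
```

Whichever matcher is used, code that consumes the result should not assume a fixed number of certificates in the chain, since the long and short chains differ in length.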