After implementing configuration to have a certificate from Let's Encrypt via ACME be requested, then using that certificate for the HTTPS server/API, we noticed the certificate chain is not presented, therefore causing clients to not trust it.
```
yzguy@prometheus:~# openssl s_client -connect router.dal1.routedbits.com:8443
CONNECTED(00000003)
depth=0 CN = router.dal1.routedbits.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = router.dal1.routedbits.com
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = router.dal1.routedbits.com
verify return:1
---
Certificate chain
0 s:CN = router.dal1.routedbits.com
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 31 19:03:42 2024 GMT; NotAfter: Apr 30 19:03:41 2024 GMT
---
```
The ACME support was originally added in https://github.com/vyos/vyos-1x/pull/2758, and looking at the code that was removed it referenced the `fullchain.pem`
```
ssl_certificate {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/fullchain.pem;
```
The new changes later reference only the `cert.pem`
```
tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem')
```
Ideally, one of two options
1. This is changed to read the `fullchain.pem` which loads the certificate+chain into PKI
2. Additional steps to load the chain certificates from `chain.pem` into PKI happen, likely have to read the file and load each certificate individually