Let's Encrypt SSL does not send full trust chain


I have configured my external endpoint with a Let's Encrypt wildcard certificate (as an aside: it's very unclear how to actually achieve this, what the official documentation suggest doesn't work because it results in multiple conflicting requests racing to write to CloudFlare and failing, only a hack with a dummy router with a wildcard cert and no LE setup on others I found in one post helps) and according to Qualsys analyser Traefik doesn't send a full certificate chain, skipping the root certificate:


I looked at how to configure this in the documentation, but didn't find anything like that. I would very much like to be able to send a full certificate chain, because Plex is reportedly very picky about that, telling you that it does not have external access if the full chain is missing (and I don't want to use their proxy). Am I missing some configuration option? Would it be easy to implement otherwise?