I can confirm that the recently released updates (errata 1059 an 1060) are NOT fixing our issue:
Replacing the content of the intermediate certificate (intermediate-r3.pem) as proposed by sccmrb allowed me to succesfully refresh my letsencrypt certificates. Thanks to sccmrb for finding out and share with us.
Anyway … my initial issue remains. System diagnostic still says “found invalid certificate”.