If you've published DANE TLSA records for your current certificate chain, and are considering switch to Let's Encrypt issued certificates, please do not forget:
https://dane.sys4.de/common_mistakes#3
https://tools.ietf.org/html/rfc7671#section-8.1
I've seen more than one of the early adopters of LE certificates
neglect to update their TLSA records (a few TTLs) *before* deploying
the new LE certificate chain.
--
Viktor.
