No reason we cant deprecate the old constructor and use the new one

acme/src/main/java/io/micronaut/acme/events/CertificateEvent.java

@@ -27,19 +27,28 @@ public class CertificateEvent {
     private boolean validationCert;
 
     /**
+     * @deprecated See constructor that takes full certificate chain instead.
+     *
      * Creates a new CertificateEvent.
      * @param certificate X509 certificate file
      * @param domainKeyPair key pair used to encrypt the certificate
      * @param validationCert if this certificate is to be used for tls-apln-01 account validation
      */
+    @Deprecated
     public CertificateEvent(X509Certificate certificate, KeyPair domainKeyPair, boolean validationCert) {
         this.domainKeyPair = domainKeyPair;
         this.validationCert = validationCert;
         this.fullCertificateChain = new X509Certificate[]{certificate};
     }
 
-    public CertificateEvent(KeyPair domainKeyPair, X509Certificate... fullCertificateChain) {
-        this.validationCert = false;
+    /**
+     * Creates a new CertificateEvent containing the full certificate chain
+     * @param domainKeyPair key pair used to encrypt the certificate
+     * @param validationCert if this certificate is to be used for tls-apln-01 account validation
+     * @param fullCertificateChain X509 certificate file
+     */
+    public CertificateEvent(KeyPair domainKeyPair, boolean validationCert, X509Certificate... fullCertificateChain) {
+        this.validationCert = validationCert;
         this.domainKeyPair = domainKeyPair;
         this.fullCertificateChain = fullCertificateChain;
     }

acme/src/main/java/io/micronaut/acme/services/AcmeService.java

@@ -481,7 +481,7 @@ private void doChallengeSpecificSetup(Authorization auth, Challenge challenge) t
             }
             KeyPair domainKeyPair = getDomainKeyPair();
             X509Certificate tlsAlpn01Certificate = CertificateUtils.createTlsAlpn01Certificate(domainKeyPair, auth.getIdentifier(), ((TlsAlpn01Challenge) challenge).getAcmeValidation());
-            eventPublisher.publishEvent(new CertificateEvent(tlsAlpn01Certificate, domainKeyPair, true));
+            eventPublisher.publishEvent(new CertificateEvent(domainKeyPair, true, tlsAlpn01Certificate));
         } else if (challenge instanceof Http01Challenge) {
             Http01Challenge http01Challenge = (Http01Challenge) challenge;
             eventPublisher.publishEvent(new HttpChallengeDetails(http01Challenge.getToken(), http01Challenge.getAuthorization()));
@@ -501,7 +501,7 @@ private void doChallengeSpecificSetup(Authorization auth, Challenge challenge) t
      * Setup the certificate that has been saved to disk and configures it for use.
      */
     public void setupCurrentCertificate() {
-        eventPublisher.publishEvent(new CertificateEvent(getDomainKeyPair(), getFullCertificateChain()));
+        eventPublisher.publishEvent(new CertificateEvent(getDomainKeyPair(), false, getFullCertificateChain()));
     }
 
     /**

acme/src/test/groovy/io/micronaut/acme/events/CertificateEventSpec.groovy

@@ -108,12 +108,14 @@ ${DOMAIN_CERT}
         X509Certificate domainCert = cf.generateCertificate(new ByteArrayInputStream(FULL_CHAIN_CERT.bytes))
         Collection<X509Certificate> certs = cf.generateCertificates(new ByteArrayInputStream(FULL_CHAIN_CERT.bytes))
         KeyPair keyPair = KeyPairUtils.createKeyPair(2048)
+        def expectedValidationCert = new Random().nextBoolean()
 
         when :
-        CertificateEvent event = new CertificateEvent(keyPair, certs as X509Certificate[])
+        CertificateEvent event = new CertificateEvent(keyPair, expectedValidationCert, certs as X509Certificate[])
 
         then:
         event.getCert() == domainCert
+        event.isValidationCert() == expectedValidationCert
         event.getFullCertificateChain().length == 2
         event.getFullCertificateChain() == certs.toArray()
     }