Testing ACME enrollment over external RA peer connection fails with Certbot 1.4.0 with the error:
When enrolling directly against the CA with certbot 1.4.0 that is successful.
Certbot 1.3.0 works against RA or CA though.
The only thing I can see from logging with certbot 1.4.0 is that enrolling directly against the CA logs the entire certificate chain being returned to the client. When enrolling over RA peer only the EE certificate is logged.