The Configuring Safari Push Notifications guide explicitly states
Important: After February 14, 2016, you will need to sign the push package with both the web push certificate and the intermediate certificate. The updated create_signature function in the attached createPushPackage.php companion file processes both certificates.
However, the latest version of the createPushPackage.php companion file no longer lets you specifiy the intermediate cert, and does not seem to use one in it's create_signature function.
So is signing with an intermediate cert still required, or not? And can the documentation be updated to remove the uncertainty?