Yet consider if root certificates would expire in max 1 year. That by itself long time ago forced if not the phone vendors but at least app developers to deal with the need to update the root certificate DB. And the LetsEncrypt issue would not exist.
