C++ Client Library no longer working with Lets Encrypt

Common Name: Baltimore CyberTrust Root
Common Name: DST Root CA X3
Common Name: CAcert Class 3 Root

It seems you've embedded three certificates in your trust store, but that doesn't include the Let's Encrypt root.

The DST Root CA X3 previously cross-signed the Let's Encrypt root, but that cross-sign is expiring this year. See Shortening the Let's Encrypt Chain of Trust - Let's Encrypt

As an immediate workaround, you can include the DST X3 cross-sign. You can see the certbot documentation for full details, but you'll do certbot renew --preferred-chain "DST Root CA X3". However, certbot 0.31.0 is too old - that was added in the Certbot 1.6.0 release, so you'll have to upgrade first.

But once the cross-sign has expired, that won't work anymore, so you will need to find an alternate mechanism. Let's Encrypt will not be supported by those devices.

You may be able to get a certificate from another CA that chains to those roots.
I believe the Baltimore CyberTrust Root is owned by DigiCert now, who may be able to help you. CAcert.org may also be able to help.

6 Likes
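The two checks the reply above relies on, as an added example that is not part of the original post or of certbot itself: whether the installed Certbot is new enough for --preferred-chain (1.6.0 or later), and which roots a client's PEM trust bundle actually contains. The function names and the bundle path argument are assumptions, and "ISRG Root X1" is the name of the Let's Encrypt root, which the post does not spell out.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not certbot or Let's Encrypt tooling.

# version_ge A B: succeeds when three-field dotted version A is >= B.
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$2" ]
}

# --preferred-chain was added in Certbot 1.6.0 (per the post).
preferred_chain_supported() { version_ge "$1" "1.6.0"; }

# parse_certbot_version "certbot 0.31.0" -> 0.31.0
parse_certbot_version() { printf '%s\n' "$1" | awk '{print $2}'; }

# bundle_subjects FILE: print one subject line per certificate in a PEM bundle.
bundle_subjects() {
    openssl crl2pkcs7 -nocrl -certfile "$1" |
        openssl pkcs7 -print_certs -noout | grep '^subject'
}

# subjects_have_cn CN: read subject lines on stdin, succeed if one has that CN.
# Matches both "CN = name" (OpenSSL 1.1+) and "/CN=name" (older) layouts.
subjects_have_cn() { grep -q "CN *= *$1"; }

# Usage: sh check.sh /path/to/client-trust-bundle.pem
if [ "$#" -eq 1 ]; then
    for root in "DST Root CA X3" "ISRG Root X1"; do
        if bundle_subjects "$1" | subjects_have_cn "$root"; then
            echo "present in trust bundle: $root"
        else
            echo "MISSING from trust bundle: $root"
        fi
    done
    ver=$(parse_certbot_version "$(certbot --version 2>&1)")
    if preferred_chain_supported "$ver"; then
        echo "certbot $ver: --preferred-chain is available"
    else
        echo "certbot $ver: upgrade to 1.6.0 or later before using --preferred-chain"
    fi
fi
```

A bundle that reports only the DST root as present keeps validating Let's Encrypt certificates only while the cross-sign is still valid, which is the situation the reply describes.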