You may also want to check out this somewhat-recent thread about building a trust store for embedded devices:
The short of it being that in addition to trusting Let's Encrypt's root(s), you probably want to be trusting at least one other CA, possibly one you create yourself, just to protect yourself in case Let's Encrypt becomes unavailable on short notice. While I have every expectation that Let's Encrypt will continue indefinitely, if they suffer a major compromise that requires new keys, or suddenly run out of funding (it is a non-profit relying on donations), or otherwise stop issuing certificates due to whatever temporary (or permanent?) problem, then you want to have another way for your devices to authenticate that they're securely connecting to your systems.