PLEASE cross-sign with another older CA before the 9/2021 deadline

This would not change anything at all, as the clients which are affected by the soon-to-be-expired root CA are precisely the clients that don't understand how trust anchors work and will always verify against the root they have stored. (Most clients that handle chains the smart way won't be affected in the first place, unless you have a very modern TLS implementation but a very old trust store.)

IdenTrust started replacing their DST Root CA X3 back in 2014; nowadays they have stopped using DST Root CA X3 and have switched to their newer roots - IdenTrust Commercial Root CA 1 and IdenTrust Public Sector Root CA 1.

The agreement Let's Encrypt/ISRG and IdenTrust have obviously doesn't include the usage of their newer root CAs, otherwise they would have long since switched - instead they renewed a signature beyond the lifetime of the old root, which will certainly cause disruptions for users. I can only speculate as to why their contract did not allow a better solution, but as it is now we will have to live with it - either throw old Android overboard, or throw all of your older & non-browser clients (scripts, bots etc.) overboard. Choose one.

The recommendation for a different CA is a good one, as it gives the best compatibility. ZeroSSL chains up to Sectigo, they use a root certificate from 2004 (in most trust stores since 2005). If one wants to stay with Let's Encrypt - which is understandable - the compatibility hit is going to happen.

Maybe this is going to help the ecosystem in the long run, as not updating system trust stores for 5+ years is really not a good practice. Maybe this will wake up some large integrators. I have a Smart TV in the home from 2015 which has a trust store that dates approximately to ~2012 - that's just horrible.

PS: While re-reading this I realized that I didn't specify that there are two distinct issues I'm talking about:

  1. There are clients with a modern trust store (ISRG Root X1 included), but bad chain verification that will not work with Let's Encrypt's future chain (for example GnuTLS & LibreSSL up to versions released in mid-2020; it will take years until that is deployed widely).
  2. Clients that simply have too old a trust store.

The OP likely only refers to 2), yet both are going to cause disruptions to different clients.

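The two failure modes this post distinguishes, modelled as an added example (this is not code from the post, from Let's Encrypt or from any TLS library): a client that validates the presented chain all the way to its last certificate and only then looks for a trust anchor, versus one that stops at the first trust anchor it can use, each run against a trust store with and without ISRG Root X1, before and after the DST Root CA X3 expiry. Certificate names and validity dates are those of the public ISRG and IdenTrust certificates; the leaf `example.org`, all key identifiers and the "signature" check (a key-id match) are constructed placeholders so the script runs with the standard library alone. It also runs the shortened chain (leaf, R3) to show the trade-off the post describes.

```python
"""Model of how two kinds of TLS clients walk Let's Encrypt's default chain
(leaf -> R3 -> ISRG Root X1 cross-signed by DST Root CA X3) once DST Root CA X3
has expired on 2021-09-30. Signatures are modelled as key-id matches; key ids are
placeholders, names and validity dates follow the public certificates."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key_id: str         # stands in for the Subject Key Identifier / public key
    issuer_key_id: str  # stands in for the Authority Key Identifier / signing key
    not_before: date
    not_after: date

    def valid_at(self, now: date) -> bool:
        return self.not_before <= now <= self.not_after


def signed_by(cert: Cert, issuer: Cert) -> bool:
    """Modelled signature check: names chain and the signing key is the issuer's key."""
    return cert.issuer == issuer.subject and cert.issuer_key_id == issuer.key_id


# Constructed certificates: dates are those of the real ones, key ids are placeholders.
DST_ROOT_X3 = Cert("DST Root CA X3", "DST Root CA X3", "dst-key", "dst-key",
                   date(2000, 9, 30), date(2021, 9, 30))
ISRG_X1_SELF = Cert("ISRG Root X1", "ISRG Root X1", "x1-key", "x1-key",
                    date(2015, 6, 4), date(2035, 6, 4))
# Same subject and key as ISRG_X1_SELF, signed by DST Root CA X3, valid past that root's own expiry.
ISRG_X1_CROSS = Cert("ISRG Root X1", "DST Root CA X3", "x1-key", "dst-key",
                     date(2021, 1, 20), date(2024, 9, 30))
R3 = Cert("R3", "ISRG Root X1", "r3-key", "x1-key", date(2020, 9, 4), date(2025, 9, 15))
LEAF = Cert("example.org", "R3", "leaf-key", "r3-key", date(2021, 7, 15), date(2021, 10, 13))

DEFAULT_CHAIN = [LEAF, R3, ISRG_X1_CROSS]   # what the server sends by default
SHORT_CHAIN = [LEAF, R3]                    # alternative: no cross-sign, needs ISRG Root X1 in the store
MODERN_STORE = [DST_ROOT_X3, ISRG_X1_SELF]  # trust store updated after 2016
OLD_STORE = [DST_ROOT_X3]                   # trust store frozen before ISRG Root X1 shipped


def verify_chain_then_anchor(chain, store, now):
    """Issue 1 client: validates every certificate the server sent, in the order sent,
    and only then looks for a trust anchor that signed the *last* one."""
    for cert, issuer in zip(chain, chain[1:]):
        if not cert.valid_at(now):
            return False, f"{cert.subject} not valid at {now}"
        if not signed_by(cert, issuer):
            return False, f"{cert.subject} is not signed by {issuer.subject}"
    last = chain[-1]
    if not last.valid_at(now):
        return False, f"{last.subject} not valid at {now}"
    anchors = [a for a in store if signed_by(last, a)]
    if not anchors:
        return False, f"no trust anchor for issuer {last.issuer}"
    if not any(a.valid_at(now) for a in anchors):
        return False, f"trust anchor {anchors[0].subject} expired {anchors[0].not_after}"
    return True, f"anchored at {anchors[0].subject} via presented {last.subject}"


def verify_trusted_first(chain, store, now):
    """Path-building client: at every step prefers a trust anchor as the issuer and stops
    there; falls back to the presented chain only when no anchor fits."""
    cert, presented = chain[0], list(chain[1:])
    while True:
        if not cert.valid_at(now):
            return False, f"{cert.subject} not valid at {now}"
        anchors = [a for a in store if signed_by(cert, a)]
        live = [a for a in anchors if a.valid_at(now)]
        if live:
            return True, f"anchored at {live[0].subject} (stopped at {cert.subject})"
        issuer = next((c for c in presented if signed_by(cert, c)), None)
        if issuer is None:
            if anchors:
                return False, f"only anchor for {cert.subject} is {anchors[0].subject}, expired {anchors[0].not_after}"
            return False, f"no issuer found for {cert.subject}"
        presented.remove(issuer)  # each presented certificate is used at most once (no loops)
        cert = issuer


def run_scenarios():
    """Returns {"<verifier>/<chain>/<store>/<when>": verified?} for every combination."""
    results = {}
    for when, now in (("before", date(2021, 9, 15)), ("after", date(2021, 10, 1))):
        for chain_name, chain in (("default chain", DEFAULT_CHAIN), ("short chain", SHORT_CHAIN)):
            for store_name, store in (("modern store", MODERN_STORE), ("old store", OLD_STORE)):
                for verifier in (verify_chain_then_anchor, verify_trusted_first):
                    ok, why = verifier(chain, store, now)
                    results[f"{verifier.__name__}/{chain_name}/{store_name}/{when}"] = ok
                    print(f"{verifier.__name__:25} {chain_name:13} {store_name:12} {when:6} "
                          f"{'OK  ' if ok else 'FAIL'} {why}")
    return results


if __name__ == "__main__":
    run_scenarios()
```

Before the deadline every combination with the default chain passes. After it, the chain-then-anchor client fails even with ISRG Root X1 in its store (issue 1), the path-building client fails only with the old store (issue 2), and switching to the short chain repairs issue 1 while breaking every old-store client, which is the choice the post describes.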