We recently upgraded our servers from Windows Server 2012 R2 to Windows Server 2022 R2.
This solution worked well for Windows Server 2012 R2 suggested by @rmbolger. But when we implemented the same steps for Windows Server 2022 R2, it did not work.
Sharing below site that is working well on Windows Server 2012 R2:
Sharing below site that is not working on Windows Server 2022 R2:
You could spin up an up-to-date Linux (flavored) VM.
[within the Windows Server itself - no additional hardware required].
[just: 1+ (shared) CPU and 1GB+ (dedicated) mem and a few GBs of disk space should be enough]
And use a reverse proxy inside that VM to handle all your inbound HTTP(S) connections and certs.
Note: presumes the Windows Server hardware supports virtualization
ISRG Root X2 has already been rolled out. Older Android versions won't get any updates any longer and those Android versions don't have automatic OTA updates of their root store. (Since Android 14 the root certs are able to get updated without the requirements of a complete firmware update.)
Not sure why your question is specifically the X2 root and not X1? X1 has been rolled out for a long time now, but not for Android <7.1.1.
Other (free) certificate providers are often better supported on Android <7.1.1. For now. Ultimately, as root certificates always have an end date, Android <7.1.1 will only have expired root certificates.
If you look at ACME CA Comparison - Posh-ACME there are a few other free ACME servers available. You could check the root certificates of the other CAs and check their presence in Android <7.1.1 and choose one with the latest notAfter date.
Another practical thing is that the Buypass ACME server doesn't require stuff like EAB, which makes issuing certs a lot more easy compared to the other free ACME servers (except Let's Encrypt of course).
Thus, depending on your target Android version (nobody should walk around with such old phones, looking at all the security risks involved), one or another free ACME server might take your fancy.