When will the chain used by (not returned by) the API endpoints change?

Well, Windows specifically does this interesting lazy-loading approach where you won't see roots in the trust store when you look, but it knows to download them on-demand from Microsoft when needed by a browser. So "is the trust store up to date" is harder to answer on that platform.

But yes, systems need to be updated with the latest security updates, and that includes updates to the trust store. (Which means I find it completely bizarre that old Android devices don't get updates but somehow are safe to use on the Internet.)

In any event, with the ACME API endpoint specifically, I suspect the problem is more likely around systems that don't use their system's trust store correctly, or, like I said, embedded/IoT-type systems that are as bare-bones as possible.

3 Likes