[aasasd]

Most industrial devices and even consumer kiosks probably access sites that are under the control of the device's owner or manufacturer. So the sites can just use self-signed certificates in the first place.

Or, for industrial use a hundred bucks on a certificate from an older CA is nothing.

[cpach]

Or, as 'vbezhenar hinted at elsewhere, the operators of the systems can distribute and install the ISRG root certificate to the devices that need them.