[strombofulous]

You need root, the first command you enter is `su`, then you immediately make the /system partition writable (you can't do this without sudo). If you can't install a rom like lineageOS you probably can't do this either

There is no way to install a system root cert (user certs will not work in pretty much any app) without root, sadly

[schoen]

An easier way for an Android end-user or an administrator of a small number of Android devices to deal with this is to switch from the built-in browser to Firefox Mobile, because it comes with its own root store which includes the ISRG root, even on an OS that doesn't know about that.

(This suggestion is provided in the ISRG post about this change -- https://letsencrypt.org/2020/11/06/own-two-feet.html#if-you-... -- and elsewhere on the Let's Encrypt community forum. If the IdenTrust root expiration ends up leading to much consternation among users and site operators, this might be good information to spread around more widely!)

[casept]

It's possible to have a locked bootloader (so no unsigned OS), but still have vulnerabilities in the vendor OS image that allow rooting (on devices that are 4 years out of date this is pretty likely).