by heavyset_go 1915 days ago
And older phones might have certificate stores that can't be upgraded and have already expired.
2 comments

It’s kinda annoying that I can barely use my 2013 iPad Mini because of this kind of issue, even though I absolutely love that thing (I even used it as my primary smartphone using VoIP for a few years!).
Are you sure that's the issue, and not cipher/protocol support? The root CA needed for Let's Encrypt is "DST Root CA X3", which is supported by iOS 7 https://support.apple.com/en-ca/HT203065 (and has a validity start date in 2000, so I imagine goes earlier). Now there are lots of other CAs, but Let's Encrypt is probably the most popular; I would be kind of surprised that the root certificate store is the limiting factor as opposed to not supporting any GCM ciphers.
I have the same problem with a BlackBerry Playbook tablet - great form factor but it doesn’t handle websites using modern SSL.

I believe you can work around this using another machine as an SSL proxy - though setting that up is beyond my ability. Perhaps someone else can elaborate?

Indeed, proxies can work around the problem. I made this for Macs, but you could run it on a Mac and connect from a Playbook, or set up Squid yourself on a Raspberry Pi. https://jonathanalland.com/legacy-mac-proxy.html
I’ve used Squid as a filtering proxy in the past. Unfortunately, I don’t have a Mac, but this:

https://dev.to/suntong/squid-proxy-and-ssl-interception-1oa4

- looks like it might be a useful guide for setting it up as an SSL proxy.

I know Google tried to address this by giving Chrome its own independently upgradable certificate store and thought Apple would do something similar, especially since they don't have to rely on OEMs to push system updates.
If it's a limited number of Root CA certs that are not supported, you can likely install those manually.
Or the server only accepts modern ciphers or TLS.
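Two comments above disagree about whether old devices fail on the root store or on cipher/protocol support, and the two cases look identical from the device (a bare "cannot connect"). The script below is an added example, not something posted in this thread: it uses openssl s_client to emulate a 2013-era client in several ways (TLS 1.0 with CBC suites, TLS 1.2 with CBC only, TLS 1.2 with a GCM suite, and optionally a trust store containing only the roots the old device has) and classifies the failure from OpenSSL's own error strings. The host name comes from the LEGACY_PROBE_HOST environment variable and the trust-store file name legacy-roots.pem is an assumption; the sample outputs in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Emulates a legacy client's TLS
# handshake with openssl(1) and classifies why it failed, so that an
# expired or missing root can be told apart from a cipher/protocol
# mismatch. LEGACY_PROBE_HOST and legacy-roots.pem are assumptions.

# Classify the combined stdout+stderr of one `openssl s_client` run.
# Order matters: s_client completes the handshake even when verification
# fails and then prints "Verify return code: N (...)", so the verify
# failures are matched before the generic "0 (ok)" line.
classify_tls_output() {
  out=$1
  case "$out" in
    *"alert protocol version"*|*"no protocols available"*|*"unsupported protocol"*)
      echo "protocol-version" ;;   # server refuses the offered TLS version
    *"alert handshake failure"*|*"no cipher match"*|*"no ciphers available"*)
      echo "cipher-mismatch" ;;    # no suite in common (e.g. client has no GCM)
    *"certificate has expired"*)
      echo "cert-expired" ;;       # leaf, intermediate or root expired
    *"unable to get local issuer certificate"*|*"unable to get issuer certificate"*|*"self"?"signed certificate in certificate chain"*)
      echo "untrusted-root" ;;     # root not present in the trust store used
    *"Verify return code: 0 (ok)"*)
      echo "ok" ;;
    *) echo "unknown" ;;
  esac
}

# Run one s_client probe and print "<label> <verdict>".
# $1 host, $2 label, remaining arguments are passed through to s_client.
tls_probe() {
  host=$1; label=$2; shift 2
  # Empty stdin makes s_client exit right after the handshake.
  out=$(printf '' | openssl s_client -connect "$host:443" -servername "$host" "$@" 2>&1)
  echo "$label $(classify_tls_output "$out")"
}

# Probe a host the way an old iOS/PlayBook-era client would.
# $2 (optional) is a PEM bundle holding only the roots that device trusts.
legacy_probe() {
  host=$1
  roots=${2:-legacy-roots.pem}
  # Modern OpenSSL refuses TLS 1.0 and CBC suites at its default security
  # level; @SECLEVEL=0 lifts that so the probe reaches the server at all.
  tls_probe "$host" "tls1.0-cbc" -tls1   -cipher 'AES128-SHA:DES-CBC3-SHA:@SECLEVEL=0'
  tls_probe "$host" "tls1.2-cbc" -tls1_2 -cipher 'AES128-SHA:AES256-SHA:@SECLEVEL=0'
  tls_probe "$host" "tls1.2-gcm" -tls1_2 -cipher 'ECDHE-RSA-AES128-GCM-SHA256'
  if [ -r "$roots" ]; then
    tls_probe "$host" "legacy-roots" -tls1_2 -CAfile "$roots"
  fi
}

# Usage: LEGACY_PROBE_HOST=example.com sh legacy_probe.sh
if [ -n "${LEGACY_PROBE_HOST:-}" ]; then
  legacy_probe "$LEGACY_PROBE_HOST"
fi
```

Reading the result: "tls1.0-cbc cipher-mismatch" or "protocol-version" next to "tls1.2-gcm ok" means the server side is the limit, and relaxing its cipher list or minimum version (as the blog post further down argues for) would help; "legacy-roots untrusted-root" or "cert-expired" with the other probes reporting "ok" means the trust store is the limit and only an installed root or a proxy will help. One caveat: some servers answer an unsupported protocol version with a handshake_failure alert rather than protocol_version, so a "cipher-mismatch" verdict on the TLS 1.0 probe should be confirmed with the TLS 1.2 CBC probe before concluding it is the ciphers.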

I took a deep dive into this after I was unable to access my blog on my iOS 6 device. I concluded that I don't really need an SSL Labs A. It is much more likely someone will try visiting my blog with an older device than that someone will MITM one of the visitors.

https://blog.nyman.re/2021/02/07/usability-security.html

Interesting write up, thanks for sharing it.