Re: You would have thought that adding a certificate should do it.
This will probably vary by device and Android version, inconsistency being the quintessence of the Android experience. But here's what I did:
1. Using Chrome on the phone, went to the LE certificates page.
2. There I used the appropriate links to download the ISRG X1 and X2 root certs in PEM format. I don't know what formats Android will accept, but PEM is the only sensible format for certificates and no one should ever use anything else, so that's what I always try first.
3. This gave me two checkmark links in the phone's status line. I dropped down the system menu and clicked the checkmark next to the first one. That prompted for authentication (phone password or whatever you have configured); then it prompted me for a name for the certificate - I used "Let's Encrypt ISRG Root X1". Then it was installed.
4. Repeat for the X2 root cert, for future-proofing.
5. Afterward, you can go into Settings, search for "certificate", click on View Security Certificates (or something similar - on my phone it's under Security > Advanced, but you never know with Android). Then look at your User certificates and they should appear there.