Re: "How is automatic renewal a pain?"
As written elsewhere, those devices may not have internet connectivity at all, and may get certificates from a private CA, and you may want specific certificate features not available otherwise.
Let's encrypt was designed for different needs, and its renewal protocol is not a standard. For example Active Directory uses its own to distribute certificates. Others CA may have otjers. How many you have to code into firmware?
Moreover all we know how much support we get for 'older' devices when supplier all wish you buy new ones to fatten their revenues. Maybe Apple sits on a huge pile of gold and can replace everything once a year, others may not.
Biting the hand that feeds IT
