Whenever I need a truststore I use my browser and download the cert. this assumes that the website was signed by the same root authority.
I really thought CC uses let’s encrypt so it should be considered a valid cert , unless the system you are using doesn’t have the known/current CAs (like Verisign)