The certificate is managed by my Synology NAS, which serves as the certificate for the BitWarden server (in a docker container) via a reverse proxy. The docker container itself does’t have any certificates and runs on a http port.
Maybe I’m misunderstanding what you mean, but I shouldn’t need to install any CA certificates on the device itself since according to LE’s own documentation, Android 9.0 is plenty of recent enough to support their newer certificate chain and cross-signing (Production Chain Changes - API Announcements - Let’s Encrypt Community Support (letsencrypt.org))
Also, on the same device, chrome, edge and Samsung’s Internet Browser happily open the URL and indicate it being a valid certificate. It’s only the BitWarden app that is refusing to accept it as far as I can tell.
Now, I don’t know if these browsers on Android use their own certificate store for certificate validation and that that’s the reason they work fine (afaik, only Firefox uses its own certificate store).