I've got some IoT devices out in the field that use ESP32. They have the old expired "DST Root CA X3" cert issue and now fail to connect over https to download a firmware update file. The devices use the IDF library for https OTA which I think uses mbedtls.
Would it theoretically be possible to set up a server (assume I have complete control of it and the domain name that the devices contact) such that the https connection succeeds and the devices can update their firmware (including updated root CA certs)?
Would this be practical to implement? If so, how would I do it?