What other options are there that support old clients and are free + automatable?
It’s all well and good to prefer Lets Encrypt if your clients are using web browsers, but it is not suitable for more exotic cases. E.g video streaming, where clients can be things like many years old copies of VLC, which no longer trust Lets Encrypt certs
gogetssl.com issues free 90 day Sectigo (formerly Comodo) certificates and they have an ordering API. Caveats: 1) I don't know if those certificates will work in old VLC clients or whatever. 2) After you order the certificate you get an email from the CA with a link that you have to click saying that you approve issuance. I don't know what happens if you try to automate that.
For me the main hassle of LetsEncrypt is the 90 day rotation and there have been situations where I'd rather just pay for a longer lasting certificate. Gogetssl (above) sells 5 year DV Sectigo certificates for $16, it looks like.
Ignore the prices shown on the not-logged-in part of the site: sign up for their "reseller" program (you get approved right away automatically) and you can see their real price list while you are logged in.
I had a very similar problem with older clients attempting to connect to streaming sites hosted on a WHM cluster. One day Let's Encrypt certs stopped being trusted on some of the older client machines. Fortunately, the provider from cPanel was also free and their certs worked (and still work) with older clients.
It’s all well and good to prefer Lets Encrypt if your clients are using web browsers, but it is not suitable for more exotic cases. E.g video streaming, where clients can be things like many years old copies of VLC, which no longer trust Lets Encrypt certs