question

They are self signed. More info on the certs here - https://docs.clover.com/docs/configuring-secure-network-pay-display#device-server-certificates. If your app is a semi integration you can avoid certificate issues by using a cloud connection (Cloud Pay Display instead of Secure Network Pay Display or Rest Pay Display) otherwise you will have to install the cert per the link above.

The previously accepted answer is not correct, Secure Network Pay Display certificates are relevant when building an app that runs on an external POS machine like iPad, Windows PC or Android Tablet.

The asker is a developer building Android apps that run on the Clover device itself.

As the asker mentioned the built-in certificate authorities on original Mini have not been updated in a long time which means the Let's Encrypt CA is not trusted and hence the TLS connection is failing.

Most likely the exception seen would be: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

To remedy this you will need to add the Let's Encrypt root certificates to your HTTP/TLS client manually.

Let's encrypt has published their root certificates here: https://letsencrypt.org/certificates/

This guide might help you create an HTTP/TLS client with the added roots: https://stackoverflow.com/questions/53304082/adding-a-custom-certificate-to-an-okhttp-client

The relevant code might look like:

HandshakeCertificates certificates = new HandshakeCertificates.Builder()
  .addTrustedCertificate(letsEncryptCertificateAuthority1)
  .addTrustedCertificate(letsEncryptCertificateAuthority2)
  .addPlatformTrustedCertificates()
  .build();

client = new OkHttpClient.Builder()
  .sslSocketFactory(certificates.sslSocketFactory(), certificates.trustManager())
  .build();