There doesn't seem to be an automatic way of renewing old Let's Encrypt CA Certs from the Web Configurator however you can go to https://letsencrypt.org/certificates/ and download and import certs into pfSense as needed.

Check that the expiring Let's Encrypt CA Certs are actually needed, if no client certs depend on them then you may be able to delete them instead of having to import the latest matching Let's Encrypt CA Cert.