Is updating the CA store on the server something I can do on shared hosting
It probably depends on the host. My shared hosting had 20130114 installed; when I used their interface to install Mozilla::CA, it now reports 20211001.
Please note that the Lets Encrypt certificates that are automagically renewed are the certificates that allow people to securely connect to your shared host under your domain name(s). That's separate from the CA store on the server, which is the list of certificates that your perl scripts will use to determine if a machine they connect to have a valid certificate or not.