0
votes

Now that Let's Encrypt (letsencrypt.org) has launched its public beta, they are only giving away HTTPS certificates that last 90 days. That's for security reasons, and they advise developers to renew their HTTPS certificates after 60 days; the best way to do that is to automate it.

However, I am looking to add HTTPS to my mobile app. How would you automatically renew a certificate every 90 days? Wouldn't that require a new app build and an update to the App/Play Store every 60 days? I would love to see this question answered because I realize HTTPS is much more secure.

Thanks in advance!

1
What do you mean by adding the certificate to the app? Do you want to do SSL pinning (in which case you have to rebuild your app each time the cert changes)? But if these certificates are trusted on the device, you should be able to connect to the server without adding the certificates to your project. - Levi
Okay, so you have to add the public key .cert file one time and then the website is trusted on the device? - gigha
I think so. When you add it (open it on the device, e.g. from mail), the certificate should appear in Settings->General->Profiles. You will probably also need an exception for ATS if this certificate is self-signed. - Levi

1 Answer

1
votes

I didn't have enough space in a comment, so I'll post it here.

I'm not really sure how encrypt.org works, so as long as you don't provide some more information about their certificate system I can't help you.

However, X509Certificate itself contains a mechanism for certificate renewal, so if it's implemented correctly on their side you can actually implement it in your app:

According to the wiki:

To allow for graceful transition from the old signing key pair to the new signing key pair, the CA should issue a certificate that contains the old public key signed by the new private signing key and a certificate that contains the new public key signed by the old private signing key. Both of these certificates are self-issued, but neither is self-signed. Note that these are in addition to the two self-signed certificates (one old, one new).

Since both cert1 and cert3 contain the same public key (the old one), there are two valid certificate chains for cert5: "cert5 → cert1" and "cert5 → cert3 → cert2", and analogously for cert6. This allows old user certificates (such as cert5) and new certificates (such as cert6) to be trusted indifferently by a party having either the new root CA certificate or the old one as trust anchor during the transition to the new CA keys.

However, this still requires you to have a CA cert (which you probably don't).

On the other hand, I don't know why you need your own certificate (and why from encrypt.org)? And are you sure that their certs are not validated by the Android default TrustStore? And eventually, isn't it better to create a self-signed certificate for your server and use it in the app so you can have full control?
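The rollover described in the quoted passage can be reproduced end to end with the openssl CLI. This is an added example, not code from the question or the answer: it creates the two self-signed roots (cert1 and cert2), the cross-certificate holding the old public key signed by the new key (cert3), and a 90-day server certificate issued under the old key (cert5), then checks which trust anchors accept the server certificate. All names, subjects and file paths are constructed for the demo; it assumes an `openssl` binary on PATH.

```shell
#!/bin/sh
# Constructed demo of X.509 CA key rollover (cert1/cert2/cert3/cert5 as in the
# quoted text). Everything is generated into a throwaway directory.
set -e
work=$(mktemp -d)
cd "$work"

# Extensions that mark a certificate as a CA; without them openssl verify
# refuses to use the cross-certificate as an intermediate.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext

# One EC key per CA generation, plus one for the server.
for n in old new server; do
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$n.key"
done
openssl req -new -key old.key -subj /CN=Old-Root -out old.csr
openssl req -new -key new.key -subj /CN=New-Root -out new.csr
openssl req -new -key server.key -subj /CN=app.example.test -out server.csr

# cert1 and cert2: the two self-signed roots.
openssl x509 -req -in old.csr -signkey old.key -days 365 -extfile ca.ext -out old_root.pem
openssl x509 -req -in new.csr -signkey new.key -days 365 -extfile ca.ext -out new_root.pem
# cert3: the OLD public key, signed by the NEW private key (self-issued, not self-signed).
openssl x509 -req -in old.csr -CA new_root.pem -CAkey new.key -CAcreateserial \
  -days 365 -extfile ca.ext -out old_by_new.pem
# cert5: a 90-day server certificate issued under the OLD key.
openssl x509 -req -in server.csr -CA old_root.pem -CAkey old.key -CAcreateserial \
  -days 90 -out server.pem

# chain_ok ANCHOR [UNTRUSTED]: exit 0 if server.pem chains to ANCHOR,
# optionally via the untrusted intermediate UNTRUSTED.
chain_ok() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$2" server.pem >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" server.pem >/dev/null 2>&1
  fi
}

# A client still holding the old anchor: cert5 -> cert1.
chain_ok old_root.pem && echo "old anchor:               OK (cert5 -> cert1)"
# A client holding only the new anchor, with cert3 served as an intermediate: cert5 -> cert3 -> cert2.
chain_ok new_root.pem old_by_new.pem && echo "new anchor + cross-cert:  OK (cert5 -> cert3 -> cert2)"
# A client holding only the new anchor and no cross-cert cannot build a chain.
chain_ok new_root.pem || echo "new anchor alone:         REJECTED (no path to cert2)"
```

The third check is the one that matters for an app that pins only the newest root: without the cross-certificate in the served chain, certificates issued under the old key stop validating the moment the old anchor is dropped.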