What's the best way to use a Let's Encrypt certificate across other RouterOS services?

I have enabled Let’s Encrypt certificates and auto-renewal with /certificate/enable-ssl-certificate. It works fine. But I also use an SSTP VPN and want to use the generated certificate for that. Is it enough to just select the certificate in the SSTP settings, or do I need to find a way to re-select the certificate every time it is renewed? If so, does anyone have a script that would be helpful?

Also, I noticed that RouterOS is only adding the certificate to the www trust store. There is an SSTP trust store, and the generated certificate seems to work fine without it. I assume the SSTP trust store is just for when the router is the SSTP client, not server, and I don’t need it?

One thing missing in RouterOS is event-driven scripts: when the certificate is renewed, run a script!

You could write a script that runs every month/week/day to check the “expires-after” property (and/or the “invalid-before” and/or the “invalid-after” properties) of the certificate and, when they change, apply the new certificate to the SSTP VPN (I don’t have a script that I can provide).

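One way to write the periodic check suggested in the reply above, as an added example that is not part of the thread and not MikroTik's own code. It assumes RouterOS v7, a hypothetical host name `vpn.example.com` as the certificate's common name, and a hypothetical script name `sstp-cert-sync`; instead of tracking the validity dates the reply mentions, it compares the certificate name currently bound to the SSTP server with the name of the current valid certificate, and it changes nothing when the match is ambiguous.

```routeros
# Added example. Store as /system script "sstp-cert-sync" (hypothetical name).
# Assumption: the Let's Encrypt certificate was issued for this common name.
:local cn "vpn.example.com"

# Only consider certificates that are usable by a server:
# matching common name, private key present, not expired.
:local ids [/certificate find where common-name=$cn and private-key=yes and expired=no]

:if ([:len $ids] = 0) do={
    # Nothing usable: leave SSTP untouched and make the failure visible.
    :log warning "sstp-cert-sync: no valid certificate with private key for $cn"
} else={
    :if ([:len $ids] > 1) do={
        # Ambiguous match: do not guess which certificate to bind.
        :log warning "sstp-cert-sync: more than one valid certificate for $cn, not changing SSTP"
    } else={
        :local newName [/certificate get ($ids->0) name]
        :local current [/interface sstp-server server get certificate]

        # Re-bind only when the SSTP server points at something else,
        # for example the old name or "none" after a renewal.
        :if ($current != $newName) do={
            /interface sstp-server server set certificate=$newName
            :log info "sstp-cert-sync: SSTP certificate changed from $current to $newName"
        }
    }
}

# Run it once a day from the scheduler (enter this on the CLI, not in the script):
# /system scheduler add name=sstp-cert-sync interval=1d on-event=sstp-cert-sync
```

The log lines give a record of every certificate change on the VPN endpoint, so an unexpected re-bind or a missing certificate shows up in the router's log.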