@mkx my main point was the password storage is likely a better issue (assuming one is using “www-ssl” and not “www”). The example shows credentials stored inside the script, which I think is bad practice…
For Linux .netrc is good suggestion. But I think OP is using Windows PowerShell, and that does not support .netrc.
Certificates are typically not stored in the home directory, rather some OS-specific “key store” with additional proections (i.e. even RouterOS protect certs from direct export).
Now, I think the same Windows key store for certs can also store username/password, and those should be readable via PowerShell’s Get-Credential. See https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-credential?view=powershell-7.4