I am a big fan of Let's encrypt mainly because the certificate administration is so much easier.
I propose that RouterOS gets on the Let's Encrypt bandwagon and support easy certificate handling with SSL offloading capabilities directly from the GUI.
I think the feature should work like this
In the GUI you first you supply the domain names you wish to get SSL certificates for.
In this step you probably also needs to supply which of your public IPs you wish to use (if you expose more than one).
We need a specific page for this I guess.
The RouterOS then briefly opens the required port 80 to handle the Let's Encrypt response.
(If port 80 is already used for something else there might be an issue)
The RouterOS will periodically (maybe once every 30 days or what ever Let's Encrypt recommends) renew the certificates.
Probably a good idea to make this changeable.
From the GUI (I am thinking IP:Firewall.NAT) you can in your individual rules decide if you want to use the SSL offloading functionality.
The rules is easily setup to accept eg. port 443 to a destination port 80 with the use of the certificate.
It should be possible to make multiple rules where you use the domain name from the SSL certicate to decide where the traffic goes.
(This would enable you to have multiple web servers on the internal network and still only use a single public IP for all domain names.
It might seem obvious but you should be able to use an SSL certificate for the RouterOS management interface as well.
Looking forward to the feedback.