I have two RouterOS devices, #1 is gateway router with firewall and NAT, #2 is performing as a SSTP VPN server (among other things). On router #1 there is a dst-nat rule pointing any traffic from the internet on TCP port 443 to router #2, which works just fine.

Now, I'd like to have additional services (like https web server) on port 443 accessible to the outside world. I only have one public IP address available. What would be the best approach?

Since I have IIS10, how can its URL Rewrite module be set up to redirect SSTP traffic to router #2 for incoming traffic to vpn.example.net?

you can setup a l7 firewall rule - but its not a easy setup. Its better to somehow use different port for different services if you only have one ip.

If you could live with SSTP connections requiring two attempts to establish, there's this:
Hosting sstp and apache/nginx/iis on same port (443)

Thinking a bit outside the square - will your ISP offer you a public subnet? There is usually an extra charge for this. $2 per IPV4 address per month is the going rate. So a /29 (8 IP's of which 5 are usable for hosts) would be $16 per month.
Otherwise, if you can get IPV6 space and can do end-to-end V6, this will also solve your problem. If you use IPV6, be aware you will need a minimum of /64 for any subnetted block and a /64 per router to router connection. But if your ISP can give you a /56, which they should be able to with no hassles, you have plenty to work with.

Many thanks for all the answers. I will try out the "port knock" method, and IPv6 in the long run. Thanks for the tips!