I can give you tips, but unfortunately not any step by step guide.
First you need to decide how much free you want it. Certificate is no problem, Let's Encrypt issues them for free, but you do need a real domain name. Best case that gives you most options is to register/buy one (.com, .net, whatever). With that, you can choose any subdomain for hotspot, and you can also choose between DNS and HTTP validation. If even that's too much and you want it completely free, you'd need to get hostname elsewhere. One option it dynamic DNS built-in RouterOS, it can provide free hostname like 04d42a5e9a06.sn.mynetname.net (first part depends on router's serial number). Downside is that you would have to use this hostname for hotspot (it's not very pretty; it can be solved if you find some other dynDNS service with prettier names), and you'd be limited to HTTP validation.
In any case, you will need another machine besides the router, because RouterOS doesn't have built-in client for Let's Encrypt, so you will need to run it elsewhere and upload resulting certificate to router. You can get some ideas how to do it in this thread:
viewtopic.php?f=1&t=92673
About validation methods, HTTP requires that webserver running on given hostname is reachable from Let's Encrypt's servers. It's not ideal when you want to have hotspot page somewhere in internal network. But it's doable with dstnat, you can redirect requests from internet to the other machine. DNS method gives you more freedom, because machine with LE client doesn't need to be anywhere near the router. But if it should be fully automated, you need either DNS hosting with some API access, or ability to run own DNS server (even simple single-purpose one used only for LE validation is enough).