This is kind of a cross post but check out this post to see if it could help on automating of renewing & exporting your LE cert. This is for Pfsense but should be close enough.
I made a Feature request importing and renewing an LE cert automatically for AD as I am running into some of the same issue where I have external apps authenticating against NS but run into the invalid certificate issue.