hi @mobamoba
You should really use a Windows Library to do this.
You are missing an important point. Importing a certificate (thumbprint xx:xx:xx) is not the same as applying it to a service.
If you want to for example apply a certificate to an IIS site you have to use the the thumpbrint.
Lets say you have a binding for domain test.xyz and two certificates for that domain (yy:yyy:yy) IIS will not start using (xx:xx:xx) until you tell it to
Also review this article which shows some of the automation you can do: Using Let's Encrypt to secure Windows Remote Desktop connections
Andrei