now if i have 2 apache servers one http/port 80 and the other https/port 443 and i NAT/port forword them to the 2 different apache servers respectively
do i craete a new cert for each server or do i create a new cert for server A and create a link to server B so it can get the cert of the server A and use the cert of the server A?
I’m a little unclear of your setup ( probably me )
You say upi have 2 servers, but “one http/port 80 and the other https/port 443” … only one of them * the https/port 443" requires a cert, and the other (http) does not. So why do you need to copy or link a cert ? as only one server is providing https
The certificates issued by Let’s Encrypt have an Extended Key Usage filled out for SSL/TLS servers and clients only. Most encrypted services use SSL / TLS, including all the ones you mentioned, if you run such services from the same machine (under the same hostname) you can use the same certificate for those services as for your HTTPS server. If you have another name (e.g. www.example.com could be a web server while mail.example.com is an IMAP server, on the same physical hardware) you will need either a certificate with both names in it, or, two different certificates.
Some services do not use SSL or TLS. Most obviously SSH (including its built-in SFTP / SCP service) which uses its own “trust on first use” approach in most deployments, and some low level network services. The S/MIME secure email system is also separate. In those cases you’d probably need a different certificate which Let’s Encrypt does not issue, or a self-signed certificate might be fine.