While you're at it, you could also consider replacing FTP with SFTP (typically supported automatically on the server side by OpenSSH!). Increasingly, various FTP clients have built-in support for SFTP.
This forum unlike phpBB does not let users edit posts so sorry if the questions wander
I use remote desktop extensively and using a certificate would make life easier but I am not sure how it even works whether its on a per user or on the system or what
I don't know much about Windows myself, but there are several different Let's Encrypt clients available for Windows
including (nowadays) Certbot! Some of them integrate with IIS or do other things.
You don't necessarily have to get your certificates on a Unix machine and then copy them over to a Windows machine (although you can do that if you want); you could choose to use one of these Let's Encrypt clients natively on Windows.
Most of the developers of these applications are here on this forum so you can probably get pretty good help if you try one and run into a specific problem with it.
Posh-ACME combined with Posh-ACME.Deploy make it pretty trivial to get a cert and apply it to remote desktop (and other Windows services). In the simplest case, it would be something like this after configuring an ACME server and creating an account: