Configuring Internal Environment to Suit Externally Validated Domains

Yup and apologies for making it sound trivial. I forgot about DNS Zones on Microsoft DNS servers and how tricky they can be.

I understand that I have to do either of them manually again when I need to renew the certificates?
Or is there a better way?
What would be the smartest thing to do?

If you are confident in PowerShell, I would install the ACMESharp Library, as it allows you to script the certs the way you want. Have a look at example code here: Automating certificate renewal with Let’s Encrypt and ACMESharp on Windows | Marc Durdin's Blog

Otherwise have a look at this client - New Windows client - ZeroSSL as Win32/Win64 binaries - #7 by ahaw021

Andrei