acme.sh usually installs a cron job by itself. You can check whether it's there:
Yes, the certificate fingerprint will change because its contents (such as the expiry date) will have changed.
From what little I know about Windows, I don't think it makes any sense to sign RDP files with Let's Encrypt certificates.
You wouldn't gain any extra trustworthiness from using a public CA like Let's Encrypt, and you have to manually trust the certificate on every machine in the network anyway as it wouldn't be trusted by default. This is made especially more painful because you have to repeat the process at least every 90 days.
Maybe it's better to do the standard Windows thing: generate a longer-term certificate for RDP signing, and trust that.