It seems like this is a scripting task that might involve writing a PowerShell or bash script to perform the certificate installation when the certificate is renewed. Many Let’s Encrypt clients allow you to specify a script to run upon renewal; for example, with Certbot, you can specify --deploy-hook to indicate a script which will be run when the certificate is renewed (and Certbot provides environment variables to tell the script which certificate has been renewed and where the new files are located).
Alternatively, you can use separate certificates if you want. Let’s Encrypt will allow you to create up to 5 different certificates per week with duplicative subject names.
Alternatively, perhaps you could terminate TLS on the reverse proxy itself, in which case only the reverse proxy would need to have the certificate and private key. But this might not be appropriate in some applications depending on the trust relationships and how powerful the server hardware is.
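
The deploy-hook approach from the reply above, as an added example that is not part of the original post: a script for Certbot's --deploy-hook that installs the renewed chain and key with restrictive permissions and atomic renames. RENEWED_LINEAGE and RENEWED_DOMAINS are the variables Certbot sets for the hook; DEPLOY_DIR, its default path, and RELOAD_CMD are hypothetical settings chosen for this sketch.

```shell
#!/bin/sh
# Added example of a Certbot deploy hook (not from the original post).
# Certbot exports RENEWED_LINEAGE (the live/ directory of the renewed
# certificate) and RENEWED_DOMAINS. DEPLOY_DIR and RELOAD_CMD are hypothetical.

# Copy the renewed chain and key from $1 (lineage dir) into $2 (target dir).
install_renewed_cert() {
    lineage=$1
    dest=$2
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$lineage/$f" ]; then
            echo "deploy-hook: $lineage/$f missing or empty" >&2
            return 1
        fi
    done
    mkdir -p "$dest" || return 1
    old_umask=$(umask)
    umask 077    # staged copies are never group- or world-readable
    for f in fullchain.pem privkey.pem; do
        # cp follows Certbot's live/ symlinks; staging next to the target
        # keeps the final mv an atomic rename on the same filesystem.
        cp "$lineage/$f" "$dest/.$f.new" || { umask "$old_umask"; return 1; }
    done
    umask "$old_umask"
    # Set final modes before the files become visible under their real names.
    chmod 644 "$dest/.fullchain.pem.new" &&
    chmod 600 "$dest/.privkey.pem.new" &&
    mv -f "$dest/.privkey.pem.new" "$dest/privkey.pem" &&
    mv -f "$dest/.fullchain.pem.new" "$dest/fullchain.pem"
}

# Act only when Certbot invoked this file as a hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_renewed_cert "$RENEWED_LINEAGE" "${DEPLOY_DIR:-/etc/ssl/deployed}" || exit 1
    echo "deploy-hook: installed certificate for $RENEWED_DOMAINS"
    # Reload the service only after both files are in place.
    if [ -n "${RELOAD_CMD:-}" ]; then sh -c "$RELOAD_CMD" || exit 1; fi
fi
```

The service that reads the key must run as the owner of privkey.pem or start as root; the hook itself runs as the user Certbot runs as.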