Instead of using the PowerShell method, I found a better method.
You can just create a deployment task inside of the Certify client itself.
This is way less work and a lot easier. I'm going to update the Let's Encrypt KB next week with this info.
You shouldn't have to restart the mail service for the new certificate to work.
Do you think you could open a ticket with us Sabatino so we can look into that further?
Something that I have noticed with the Let's Encrypt script is that sometimes it will export the wrong certificate if you do not have your certificate cleanup setup correctly.
But anyway this is definitely something that we would like to help you with.
So please reach out when you can or let me know and I can open the ticket for you.
Technical Support Specialist