We did a POC doing Let’s Encrypt scripting for all the ISV sandboxes but found a single wildcard cert was easier to maintain for the dozens to hundreds of endpoints we needed to concern ourselves with (and a bit of internal standards we need to iron out).
Releasing more automation scripting is an ongoing topic due to the complexity of supporting it - combined with the fact that you automate yourself into blowing things up pretty fast (Try that at Azure scale and watch your credit card melt).
We want to do something, need to figure out best way to hand you a machine gun or small nuke and not have customers hurt themselves.