Oh certificates are so much fun and you have so many options. From fairly easy to mindboggling complex.

Your current solution is OK if you keep in mind security implications of distributing certs using scripts.

It is not entirely clear where you do your tls-termination but it sounds like that is the Caddy reverse proxy so that is where your certs should be.

Placing them in a location like /etc/ssl/example_com/ as fullchain.prem and privkey.pem is probably easiest. Make sure access rights are appropriate. Then point Caddy at them and it should work. No experience with Caddy itself. If the services run in Docker be sure to map the certificates into the container.

Alternatively you can set up a PKI with certificates for your services behind the reverse-proxy for internal encryption and do public tls termination in the proxy with Let’s Encrypt.