Are these already using LetsEncrypt? Maybe do a force-renew so you have additional time for testing/cutover.
When I did this I just took the certificates themselves and created a tls.certificate entry in a file provider.
Before expiry of certificates I updated the routers to use the LetsEncrypt certificate resolver.