Any inexpensive single-domain SSL certificate will do.
Yes, but without a built-in ACME plug-in for FortiOS it can become a pain to replace the certificate every 60-90 days. If you're up to it, other contributors to the forums have posted scripts to help with this. I've used LetsEncrypt certs in the past but I switched to a cheap 2 year SSL certificate because its was easier and cheaper in the long run.
DNS host (A) records only point a name to an IP address - they have nothing to do with ports. If you want to redirect SSL Web Portal visitors from https://vpn1.somedomain.com to https://vpn2.somedomain.com:10443 you'd have to set up a 302 redirect on the vpn1.somedomain.com website. I don't believe this will help FortiClient users - they'd have to be configured to go directly to vpn2.somedomain.com:10443.[/ol]
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.