1. Does it auto renew, if so what interval? Since LE certs are valid 90 days and suggest renewal interaval is 60 days.
--- It renews from Lets encrypt but on Fortigate you have to upload the new Certificate again. Its not Fortigate only, any devices you have to update the new certificate.
2. On renewal, does it replace the existing certificate and get re-assigned to the needed Admin and if in place SSL VPN, and or where ever else it was selected?
- No, you have to upload new cert again.
3. on replacing the SSL Certifcate on the SSL VPN it will disconnect users. How can we schedule the auto
renewal in off hours? - Renewal is from lets encrypt side, ON Fortigate you can choose when you want to update the certificate.
4. I know port 80 cannot be used on the wan interface that is resolved to the public DNS name. What happens if the admin port is on a custom port like 8443 o 10443? To not conflict with SSL VPN portal. ---- Even then certificate can be used.