Sure, you can just add a bind mount volume to mount a path from the host system to the container.
The only thing you’d have to make sure of is that whatever uid/gid the container is running as has permissions to access whatever cert files you’re after (but if you’re being bad and running as root, then congrats, that’s not usually an issue!)
Edit: redacted docker-compose example of this:
```yaml
service-name:
  image: image-tag
  restart: unless-stopped
  container_name: service-name
  hostname: service-name
  command: '--cert /data/live/domain.com/cert.pem --key /data/live/domain.com/privkey.pem port ip:23'
  ports:
    - port-external:port-internal
  volumes:
    # host /etc/letsencrypt mounted read-only at /data inside the container
    - /etc/letsencrypt:/data:ro
```
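An added example, not part of the original comment: a host-side check of whether a given container uid/gid can actually read a file under the bind-mounted `/etc/letsencrypt`. Certbot's `live/` entries are symlinks into `archive/`, so the check walks the directories on both the link path and the resolved path. The script name and the simplifications (mode bits only, no ACLs, SELinux/AppArmor or user-namespace remapping, uid 0 treated as unrestricted) are assumptions.

```python
#!/usr/bin/env python3
"""Report which path components stop a uid/gid from reading a cert or key file.

Assumptions: classic Unix mode bits only (no ACLs, SELinux/AppArmor or
user-namespace remapping), and uid 0 keeps CAP_DAC_OVERRIDE.
"""
import os
import sys

def _allowed(path, uid, gids, want):
    """want is 4 (read) or 1 (directory search); os.stat follows symlinks."""
    if uid == 0:
        return True
    st = os.stat(path)
    if st.st_uid == uid:        # owner: only the owner bits apply
        shift = 6
    elif st.st_gid in gids:     # group member: only the group bits apply
        shift = 3
    else:                       # everyone else
        shift = 0
    return bool((st.st_mode >> shift) & want)

def blocked_components(path, uid, gids):
    """Return [(component, reason)] for everything that denies access."""
    problems, seen = [], set()
    real = os.path.realpath(path)
    # Directories on the path as written, then on the symlink-resolved path.
    for p in (os.path.abspath(path), real):
        parts = p.split(os.sep)
        for i in range(1, len(parts)):
            d = os.sep.join(parts[:i]) or os.sep
            if d in seen:
                continue
            seen.add(d)
            if not _allowed(d, uid, gids, 1):
                problems.append((d, "no search (x) permission on directory"))
    if not _allowed(real, uid, gids, 4):
        problems.append((real, "no read (r) permission on file"))
    return problems

if __name__ == "__main__":
    # usage (hypothetical name): check_cert_access.py UID GID FILE [FILE...]
    uid, gid = int(sys.argv[1]), int(sys.argv[2])
    for f in sys.argv[3:]:
        for where, why in blocked_components(f, uid, [gid]):
            print(f"{f}: {where}: {why}")
```

Run it on the host against the host-side paths (for example the `privkey.pem` under `/etc/letsencrypt/live/`), passing the uid and gid the container process runs as; no output means the mode bits permit the read.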
You can run some scripts that will update DNS resolution and reconnect if the connection goes inactive, but those aren’t going to be something you likely can do on your phone. (Though, IDK, you might could if we’re talking rooted Android, but eh, I wouldn’t want to rely on it).
Do you know WHY your connection fails? Is it JUST WireGuard, is it your whole connection, does the IP change, etc? You might want to set up proper monitoring to see what exactly stops working when WireGuard does to see if it’s specific to the service, or if your whole link goes down, or if your router is crashing and rebooting or any number of other problems you could be having.