SPN for Availability group(AG) listener for SQL Server 2016

Requesting some inputs..

We have a 2 node SQL 2016 Availability group configured and apps currently use primary replica for connection. We are now planning to use listener instead. Questions is, how to make sure we are using kerberos authentication for application connectiions?. Is it mandatory to manually register SPN for the listener? or is it automatically created?. is this a one time activity?. How to make sure SPN is registered automatically for the listener when the AG restarts or failover to second node?. Appreciate all the responses.