Can you elaborate more on what is not working? What are you testing to conclude it’s not working?
From my understanding you’re running a VPS server. You have a tunnel set up to connect to the server. You’re trying to set up NPM with Let’s Encrypt certs validating via DNS.
To continue troubleshooting you should eliminate all network paths and test from the VPS (ssh to the system). Once you have NPM set up, you should be able to test the certificate locally by connecting to NPM’s exposed port.
Assuming you exposed port 443:
openssl s_client -connect 127.0.0.1:443 -showcerts
If you can validate that NPM is serving the endpoint with the correct certificate, you can move on to troubleshooting your network path.
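
Added example (not part of the original post): the same local check, scripted with an explicit SNI name, because a proxy that selects certificates by server name can answer a bare-IP connection with its default certificate. The hostname `npm.example.test`, the function names and the sample outputs are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; npm.example.test and all function names are placeholders.

# Print subject, issuer, expiry and SANs of the leaf certificate served at
# $1:$2 when the client sends SNI for $3. Needs OpenSSL 1.1.1+ for -ext.
fetch_cert_info() {
  openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null |
    openssl x509 -noout -subject -issuer -enddate -ext subjectAltName
}

# Succeed if hostname $1 is covered by a DNS SAN in the text on stdin.
# A wildcard SAN covers exactly one additional label.
san_covers() {
  sc_host=$1
  sc_sans=$(grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2)
  while IFS= read -r sc_san; do
    [ "$sc_san" = "$sc_host" ] && return 0
    case $sc_san in
      '*.'*) [ "$sc_host" != "${sc_host#*.}" ] &&
             [ "${sc_san#??}" = "${sc_host#*.}" ] && return 0 ;;
    esac
  done <<EOF
$sc_sans
EOF
  return 1
}

# Classify certificate text on stdin for hostname $1: OK, WRONG_NAME (default
# or mismatched certificate) or NOT_LETS_ENCRYPT (name matches, other issuer).
evaluate_cert() {
  ev_text=$(cat)
  if ! printf '%s\n' "$ev_text" | san_covers "$1"; then
    echo WRONG_NAME; return 1
  fi
  if ! printf '%s\n' "$ev_text" | grep -q "^issuer=.*Let's Encrypt"; then
    echo NOT_LETS_ENCRYPT; return 1
  fi
  echo OK
}

# Constructed samples of fetch_cert_info output, not captured from a real server.
SAMPLE_GOOD="subject=CN = npm.example.test
issuer=C = US, O = Let's Encrypt, CN = R3
X509v3 Subject Alternative Name:
    DNS:npm.example.test, DNS:*.apps.example.test"
SAMPLE_DEFAULT="subject=CN = localhost
issuer=CN = localhost
X509v3 Subject Alternative Name:
    DNS:localhost"

# On the VPS: fetch_cert_info 127.0.0.1 443 npm.example.test | evaluate_cert npm.example.test
```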