Indeed, Nethserver uses name somewhat common conventions for the pem encoded cerificates and pem encoded private key’s:
certificate: /etc/pki/tls/certs/certificate.crt
chain: /etc/pki/tls/certs/certificate-chain.crt
key: /etc/pki/tls/private/certificate.key
All extensions will work, however with these extension-name / location conventions the certificate shows up in the NS web-based server-manager(s).
also see:
https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_for_internal_servers