Great!
I think easiest way for testing is to create a subdomain like subdomain.example.com and point it to your Nethserver’s public IP address. Usually this can be done in the host providers web UI.
Alternatively you could get a free dyndns domain for example at https://www.dynu.com/. This is also useful if your public IP is dynamic.
As soon as your Nethserver is reachable from the new domain the letsencrypt cert should be obtained. Just enter the new domain and request the certificate.
For AD to work with the certificate you need to add the nsdc host to the letsencrypt domain list: