Did you work with the new server manager? There seems to be a bug that when choosing another default certificate the ldap server isn’t restarted and uses the old certificate.
It works with legacy server manager.
As said, the easiest way is doing this with server manager.
The LDAP cert is stored here: /etc/pki/tls/certs/slapd.pem
This certificate will be overwritten when you change the certificate in the web UI.
So you may change the paths in LDAP directory to use another certificate:
[root@testserver ~]# ldapsearch -LLL -Y EXTERNAL -b cn=config olcTLSCertificateFile olcTLSCertificateKeyFile olcTLSCACertificateFile
...
olcTLSCACertificateFile: /etc/pki/tls/certs/slapd.pem
olcTLSCertificateFile: /etc/pki/tls/certs/slapd.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapd.pem
...
Examples to edit LDAP directory can be found here.
The certificate for the DC is located in /var/lib/machines/nsdc/var/lib/samba/private/tls/
Here you can find documentation about adding letsencrypt cert to the DC container as an example:
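Added example, not part of the original post and not NethServer's own tooling: a shell helper that reads the `ldapsearch` output shown earlier, finds the olcTLS* attributes still pointing at /etc/pki/tls/certs/slapd.pem, and emits one ldapmodify request to repoint them. The replacement file names are hypothetical, and `dn: cn=config` as the entry holding these attributes is assumed from the search base used in the post.

```shell
#!/bin/sh
# Added example, not from the original post. The replacement file names used
# in the demo call are hypothetical placeholders.
OVERWRITTEN=/etc/pki/tls/certs/slapd.pem   # file the web UI rewrites (from the post)

# Read `ldapsearch -LLL` output on stdin; print "attribute path" per olcTLS*File
# attribute. LDIF folds long lines: a continuation line starts with one space.
tls_paths() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
             { emit(); buf = $0 }
        END  { emit() }
        function emit() {
            if (buf ~ /^olcTLS(CA)?Certificate(Key)?File: /) {
                attr = buf; sub(/:.*/, "", attr)
                path = buf; sub(/^[^:]*: */, "", path)
                print attr, path
            }
        }'
}

# Emit a single ldapmodify request that repoints every attribute still using
# the overwritten file; attributes already pointing elsewhere are left alone.
# $1 = new certificate, $2 = new private key, $3 = new CA chain.
repoint_ldif() {
    tls_paths | awk -v old="$OVERWRITTEN" -v cert="$1" -v key="$2" -v ca="$3" '
        BEGIN { new["olcTLSCertificateFile"] = cert
                new["olcTLSCertificateKeyFile"] = key
                new["olcTLSCACertificateFile"] = ca }
        {
            attr = $1; path = $0; sub(/^[^ ]+ /, "", path)
            if (path != old || !(attr in new)) next
            print (n++ ? "-" : "dn: cn=config\nchangetype: modify")
            print "replace: " attr
            print attr ": " new[attr]
        }'
}

# Constructed sample: the ldapsearch output from the post, with one folded line.
SAMPLE='dn: cn=config
olcTLSCACertificateFile: /etc/pki/tls/certs/slapd.pem
olcTLSCertificateFile: /etc/pki/tls/certs/sla
 pd.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapd.pem'

printf '%s\n' "$SAMPLE" | repoint_ldif /etc/pki/tls/certs/ldap-cert.pem \
    /etc/pki/tls/private/ldap-key.pem /etc/pki/tls/certs/ldap-chain.pem
# Review the printed LDIF before piping it to: ldapmodify -Y EXTERNAL
```

On a live system, feed it the real search output instead of the sample; empty output means no attribute still references the overwritten file.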