Just thought I would share here that I got the letsencrypt certs working with ldaps.
The pems below are symlinks into the /etc/letsencrypt/live/<my_domain>/
Made this change in the slapd.conf
I had to fix up permissions such that the ldap group could read the certs.
I also added slapd to the daemon_list in
Hopefully this is all that is required to restart openldap once the certs renew.
I can now connect to ldaps from some immutable containers that were previously giving me cert chain errors.
Probably wouldn't take much to add this to the directory app so it could all be done from the UI.
Hope this helps someone.