Sorry but this is not helping at all, you need to supply the Let´s encrypt certificates direct to the GSAd and you can spare the complete NGINX and SystemD voodoo. Please keep it stupid and simple.
Just supply GSAD with the Let´s encrypt private Key and Certificate that´s it.
-k, --ssl-private-key= Use as the private key for HTTPS
-c, --ssl-certificate= Use as the certificate for HTTPS
In many cased it would be:
“/etc/letsencrypt/live//cert.pem” for the certificate “-c”
“/etc/letsencrypt/live//privkey.pem” for the private key “-k”