Yes, it would work. The provider I linked to explicitly supports the validation mechanism used by Let's Encrypt, but even other providers might work if you use web server authentication.
And no, a DDNS name is not a "pointer". It's a regular DNS host record, just like any other. In DNS, a "pointer" (PTR) is a specific type of record that points to a hostname from an IP address. That's not at all what we're talking about here.
What does that have to do with anything? You do realize that there's absolutely no relation between a VPS provider and a DNS name?
If you read up on the X.509 standard, any uncertainties will instantly vanish.
SoftEther uses OpenSSL. The moment they realize "hey, our code allows for invalid Subject names in certificates!" they may decide to fix it. And then your setup instantly breaks.
That's how one might set up SSL in a lab environment. On the Internet, self-signed certificates are either a serious security risk or a major nuisance, depending on how the client is configured.
Your setup falls into the latter category, which is fortunate. Now all you have to do is switch to a proper SSL certificate, and your setup should be secure and pretty much maintenance-free.
That only applies if the clients are configured to uncritically accept any self-signed certificate.
https://eduzaurus.com/free-essay-samples/gun-control/ Incompetent people have been known to do this to avoid manually having to deploy the certificate, which means they've basically disabled the authentication part of SSL/TLS.
If all self-signed certificates are good, then the certificate I just made is perfectly fine, and I can just intercept their SSL handshake and impersonate the server. Inside the SSL stream, authentication is done in plain text, so now I've got your username and password. And if I just forward the traffic to the real server, I've got your data as well.
You probably should have researched this before setting up your VPN. That way you wouldn't have painted yourself into a corner like this, and you wouldn't have had to deploy the certificate manually at all. Just something to keep in mind next time you want to setup something for the first time.
Sorry if I'm sounding a bit harsh, but security-related misconfigurations can have serious implications for every user involved.