dom.ru domain was indicated for the purpose of an example.
My system FreeBSD 13.1
I will get a certificate. acme.sh --issue -d dom.ru -d www.dom.ru -w /usr/local/www/cert --server letsencrypt
Certificates are created.
[Wed Oct 12 16:54:54 +03 2022] Your cert is in: /var/db/acme/certs/dom.ru/dom.ru.cer
[Wed Oct 12 16:54:54 +03 2022] Your cert key is in: /var/db/acme/certs/dom.ru/dom.ru.key
[Wed Oct 12 16:54:54 +03 2022] The intermediate CA cert is in: /var/db/acme/certs/dom.ru/ca.cer
[Wed Oct 12 16:54:54 +03 2022] And the full chain certs is there: /var/db/acme/certs/dom.ru/fullchain.cer
I install certificates in nginx.
acme.sh --install-cert -d dom.ru --cert-file /etc/nginx/acme.sh/dom.ru/dom.ru.pem --key-file /etc/nginx/acme.sh/dom.ru/key.pem --fullchain-file /etc/nginx/acme.sh/dom.ru/fullchain.pem
[Wed Oct 12 17:03:46 +03 2022] Installing cert to: /etc/nginx/acme.sh/dom.ru/dom.ru.pem
[Wed Oct 12 17:03:46 +03 2022] Installing key to: /etc/nginx/acme.sh/dom.ru/key.pem
[Wed Oct 12 17:03:46 +03 2022] Installing full chain to: /etc/nginx/acme.sh/dom.ru/fullchain.pem
Where ssl_certificate points to fullchain.pem and ssl_certificate_key points to the private key.
You should not use ssl_trusted_certificate unless you have a very good reason to. And even then, it's not used to send your certificate, it's to tell nginx what to trust when validating ocsp responses.
As for ssl_dhparam you can pretty much do whatever you want.
Without your actual domain name, it's nearly impossible to help you quickly and accurate to an extend that it's actually mandatory to provide it to get help to begin with, as stated in the initial questionnaire of the #help section.