Are certificates managed by domain name providers, or on the server?

0

I'm setting up my personal VPS with Nginx, and I was reading about how to secure the service. But one thing was a bit unclear to me about certificates and managing HTTPS:

If I buy the domain name (www.example.com) from some 3rd party provider, and then configure the domain to point to the IP of my VPS that is provided by an unrelated party, who manages the certificates?

Should I do all the handling (certificates, TLS configuration, https listening, etc) on the VPS and Nginx config, or is all of that managed by the domain name provider? Or are some things handled by the domain name provider and some on my Nginx config?

Juha Untinen

Posted 2017-09-01T20:24:18.200

Reputation: 664

You would manage them, which means you're responsible for all configuration changes required to use it. – Ramhound – 2017-09-01T20:39:35.563

Answers

1

You'll perform the handling that you're asking about.

Here's an overview of the full picture.

You provide the certificate authority (whom you are calling a DNS provider) with whatever their requirements are. This can include payment and identification.

They provide you with a certificate that points to them as the issuing authority.

You then configure the web server to use that certificate.

When someone visits your page with HTTPS, the "S" in "HTTPS" stands for "Secure". In prior years, it was rather safe to think of the S as standing for SSL, because the way HTTPS was implemented was using HTTP over SSL. Nowadays, TLS is the modern implementation that typically gets used instead of older SSL versions.

When the web client (most commonly called a "web browser") uses TLS (or SSL), it gets a certificate from the web server. (This will be an automatically-generated certificate, different in some ways than the certificate you got from your certificate authority.) Then the web client checks whether the certificate is trusted. The certificate that the web browser receives will have traces of your certificate and the certificate authority. The web browser can tell that the certificate was made with the blessing of that certificate authority.

The web client looks at its own "certificate store", which typically simply comes with the web browser and/or operating system. Since your commercially-purchased certificate is presumably pointing to a certificate authority that is recognized and widely-trusted, the web client considers the web server to be trusted.

Make sure that when you get that certificate that you paid for, you don't give it to anyone else. (Normally I would say to not share it with anyone except for whom you have to trust, such as the company running the web server you're using. But since you're running your own web server, that exception may not apply. Although, if your "virtual private server" ("VPS") is not encrypted, presumably your VPS host could access the data.) If anyone untrustworthy gets a copy of that certificate, then they could be trusted to be you. In other words, such a thief can effectively steal your identity. So don't publicly post that certificate that you paid for.

One thing that you may do with your DNS provider is to set up DNS resource records. In many cases, you set up AAAA and/or A records with them. Personally, I tend to just set up NS records with the DNS provider, and host the AAAA and/or A records myself. Your DNS provider does not have to be the same organization as whoever provides your certificates. (If using "Let's Encrypt" as your certificate authority, I would expect them to be different organizations.)

TOOGAM

Reputation: 12 651

Excellent answer, thanks! Hopefully it helps others with the same question. I think this will become a common thing in the coming years, as Let's Encrypt becomes popular. HTTPS is already becoming de facto unlike just a year or two ago. – Juha Untinen – 2017-09-03T09:33:25.933

And also, for others: A record (A stands for Address) = IPv4 record and AAAA record (Authentication, Authorization, Accounting, and Auditing) = IPv6 record. They are the mapping between a domain name (www.example.com) and the actual IP address the website is hosted on. There is also a whole slew of other types, which you can see here: https://en.wikipedia.org/wiki/List_of_DNS_record_types

– Juha Untinen – 2017-09-03T09:37:49.053

0

If I buy the domain name (www.example.com) from some 3rd party provider, and then configure the domain to point to the IP of my VPS that is provided by an unrelated party, who manages the certificates?

Whoever is managing the VPS would administer this. Domain registrars (domain name providers) technically only deal with IP address and domain name entries associated with your VPS.

Should I do all the handling (certificates, TLS configuration, https listening, etc) on the VPS and Nginx config, or is all of that managed by the domain name provider? Or are some things handled by the domain name provider and some on my Nginx config?

Certificates, TLS, https, etc. are all things you would configure on-server with Nginx, etc. Domain name providers have no role in this aspect.

Anaksunaman

Reputation: 9 278
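Both answers put the certificate work on the VPS, not at the registrar. The following is an added example (not from either answer or the original page) that walks through that division of labour on the command line with the openssl CLI: a throwaway CA stands in for the commercial or Let's Encrypt CA described in the first answer, it issues a certificate for www.example.com from a CSR, `openssl verify` then plays the browser checking the chain against a trust store and checking the hostname, and the nginx server block at the end is the on-server configuration the second answer refers to. Everything in it is an assumption for the demo: the CA names, the scratch directory, the /etc/nginx/tls paths, and that the openssl binary (1.1.0 or newer, for `-verify_hostname`) is installed. One caveat worth making explicit: the file that must stay secret on the VPS is the private key (server.key); the certificate itself is sent to every client during the handshake.

```shell
#!/bin/sh
# Added example (not from the original Q&A): certificate issuance and the
# browser-side trust check, done with the openssl CLI. All names and paths are
# assumptions for the demo. With a real CA you only send the CSR; you never
# hold the CA's key the way this script does.
set -e

WORK="${WORK:-$(mktemp -d)}"   # scratch directory; every file lands here

# make_ca NAME PREFIX: a self-signed CA certificate + key (PREFIX.crt / PREFIX.key).
# This stands in for the CA whose root sits in the browser's certificate store.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=$1" -keyout "$WORK/$2.key" -out "$WORK/$2.crt" 2>/dev/null
}

# issue_server_cert HOST CA_PREFIX: the exchange the first answer describes.
#  1. the server operator generates a key and a CSR (the CSR goes to the CA)
#  2. the CA signs the CSR, adding a SAN for HOST, producing server.crt for nginx
issue_server_cert() {
  host="$1"; ca="$2"
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$host" > "$WORK/san.ext"
  openssl x509 -req -sha256 -days 1 -in "$WORK/server.csr" \
    -CA "$WORK/$ca.crt" -CAkey "$WORK/$ca.key" -CAcreateserial \
    -extfile "$WORK/san.ext" -out "$WORK/server.crt" 2>/dev/null
  chmod 600 "$WORK/server.key"   # the key is the secret; server.crt is public
}

# verify_chain CA_PREFIX: the browser's first check. It trusts ONLY the roots in
# the given bundle (its "certificate store"). Returns 0 if trusted, 1 if not.
verify_chain() {
  if openssl verify -CAfile "$WORK/$1.crt" "$WORK/server.crt" >/dev/null 2>&1; then
    return 0
  fi
  return 1
}

# verify_hostname CA_PREFIX HOST: the second check, that the certificate was
# issued for the name the user typed (OpenSSL 1.1.0+ for -verify_hostname).
verify_hostname() {
  if openssl verify -CAfile "$WORK/$1.crt" -verify_hostname "$2" \
       "$WORK/server.crt" >/dev/null 2>&1; then
    return 0
  fi
  return 1
}

# nginx_server_block HOST: the on-server configuration that uses the issued files.
# The /etc/nginx/tls paths are an assumption; copy server.crt and server.key there.
nginx_server_block() {
  cat <<EOF
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name $1;
    ssl_certificate     /etc/nginx/tls/server.crt;  # public: leaf (+ intermediates)
    ssl_certificate_key /etc/nginx/tls/server.key;  # secret: root-readable only
    ssl_protocols TLSv1.2 TLSv1.3;
}
EOF
}

# Demo run: issue for www.example.com, then show trusted vs. untrusted stores.
if [ "${DEMO:-1}" = 1 ]; then
  make_ca "Demo Root CA" ca
  make_ca "Unrelated CA" other
  issue_server_cert www.example.com ca
  verify_chain ca    && echo "trusted store: chain OK"
  verify_chain other || echo "unrelated store: rejected, as a browser would"
  verify_hostname ca www.example.com && echo "hostname matches"
  verify_hostname ca evil.example.net || echo "wrong hostname: rejected"
  nginx_server_block www.example.com
fi
```

The two negative checks are the point: the same server.crt is rejected when the verifier's store holds a different root (a self-signed or private CA that no browser ships), and a chain that is trusted still fails when the name does not match the SAN. Swap the throwaway CA for a real one and the only thing that changes is who signs the CSR; nginx and the verification logic stay the same.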