Let's Encrypt certificates are not really Client Authentication certs as this isn't in their intended purpose as far as I know. See also: Can I create client certificates for a received LetsEncrypt certificate? - #2 by stevenzhu
You would generally issue Client Certificates from your own in-house Certificate Authority (such as Active Directory Certificate Services, or another self-hosted CA like smallstep-ca).