I agree, the Let's Encrypt cert looks fine on your SMTP server.
This is for client TLS certification, which is normally not used in regular SMTP servers. Notice the difference between smtp and smtpd in the options. See for more information: Postfix Configuration Parameters
This option (without the "d" in "smtp_") doesn't exist for the SMTP client, only for the SMTP server (with the "d" in "smtpd_").
Perhaps the client certificate thing matters, but as far as I know, it shouldn't. Could you please post the *headers* of an email sent from your Postfix to Gmail which is labled as insecure?