What software are you using to create a certificate, and in what context are you using the tls.createSecureContext?
If I assume you are using Certbot, and are using tls.createSecureContext to start a standard HTTPS server, you’ll want to use:
key: /path/to/privkey.pem,
cert: /path/to/fullchain.pem
You don’t need to set the ca options unless you are acting as a TLS client and need to validate server certs, or if you are expecting clients to authenticate to you (in which case a Let’s Encrypt certificate is not the right thing).