Lets'Encrypt provided me with a "Signed Certificate" and an "Intermediate Certificate". I had to create a private key domain.key for the domain before.
Now ListenAndServeTLS expects a certificate and a key file.
I guess the "keyfile" is the locally generated domain.key file but what do I do with a "Signed Certificate" and an "Intermediate Certificate" if ListenAndServeTLS expects two files?