OH1: OwnTracks, rPi, certificates

It's really simple actually. Follow the instructions in the Nginx reverse proxy tutorial to acquire the certs.

Then use the paths to the files in /etc/letsencrypt/live/<your domain> for the server certs and key. The “fullchain.pem” contains the CA.cert I believe, but since Let's Encrypt is already a trusted CA, you shouldn’t have to import the CA.crt on the client.

Note that this is only for setting up TLS with any client. I believe the generation of the client certs is still required. And I’m not 100% certain you can do both server and client with Let's Encrypt, as I don’t remember if the two can have different CAs.
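
For reference, a broker configuration covering the setup discussed above, as an added example that is not part of the original post. It assumes the MQTT broker is Mosquitto (the post does not name one), and the client CA path is hypothetical.

```conf
# Added example; assumes a Mosquitto broker, which the post does not name.
listener 8883

# Server identity: the Let's Encrypt files under the path given in the post.
# fullchain.pem holds the server certificate followed by the intermediate(s).
certfile /etc/letsencrypt/live/<your domain>/fullchain.pem
keyfile /etc/letsencrypt/live/<your domain>/privkey.pem

# Client authentication: the CA that signed the client certificates.
# Hypothetical path to a private CA, separate from the one that issued
# the server certificate.
cafile /etc/mosquitto/ca_certificates/client-ca.crt
require_certificate true

# Optional: use the client certificate's CN as the MQTT username.
use_identity_as_username true
```

In Mosquitto, `certfile` and `keyfile` are what the broker presents to clients, while `cafile` is what it uses to verify client certificates when `require_certificate` is true, so the two sides can chain to different CAs. The account the broker runs under needs read access to `privkey.pem`.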