Issue with letsencrypt SSL certificate

[roncli]

I'm trying to get a simple server working without PAM authentication but with an SSL cert that I got from letsencrypt.org. They give me four files in PEM format:

cert.pem
chain.pem
fullchain.pem
privkey.pem

Here is the command I use to launch the server:

sudo ./lfs_server.sh -verbose -s 10.0.0.4 -p 443 -cert ./fullchain.pem -key ./privkey.pem

I can browse some existing objects that I uploaded via HTTP and download them, with chrome showing no problems with the certificate:

2019-04-24 22:43:38.330690Z Info <my IP address> "GET /objects/21a39a766c8e8033091fc2c2ccf87113f68379043e1840a3a5b34b2b6eecfc83 HTTP/1.1" 200 OK
2019-04-24 22:44:11.466473Z Info <my IP address> "GET /data/objects/21a39a766c8e8033091fc2c2ccf87113f68379043e1840a3a5b34b2b6eecfc83 HTTP/1.1" 200 OK

But when I do a git push with some LFS content, the following happens:

2019-04-24 22:36:18.642634Z Error <my IP address> Exception: (Ssl_error
  ("error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate")
  src/ssl.ml:151:4)

On the client side, I get these errors:

Uploading LFS objects:   0% (0/1), 0 B | 0 B/s, done
batch response: Post https://<my LFS server>:443/objects/batch: x509: certificate signed by unknown authority
error: failed to push some refs to '<my git repository>'

Any idea what I'm doing wrong here? Is there a way to find out WHY it thinks it's a bad certificate? I checked that the certs up the chain are trusted by both server and client.

The server works fine on HTTP, but obviously I'd like to get this working on HTTPS and start using PAM authentication to keep it secure.