Lets'Encrypt provided me with a "Signed Certificate" and an "Intermediate Certificate". I had to create a private key domain.key for the domain before.
Now ListenAndServeTLS expects a certificate and a key file.
I guess the "keyfile" is the locally generated domain.key file but what do I do with a "Signed Certificate" and an "Intermediate Certificate" if ListenAndServeTLS expects two files?
As with most http servers, the Go tls server implementation only accepts a single file for the certificate. From the net/http documentation:
If the certificate is signed by a certificate authority, the certFile should be the concatenation of the server's certificate, any intermediates, and the CA's certificate.
All you need to do is concatenate the files together.