copy the files local
sudo cp /etc/letsencrypt/privkey.pem privkey.pem
sudo cp /etc/letsencrypt/chain.pem chain.pem
sudo cp /etc/letsencrypt/cert.pem cert.pem
sudo openssl pkcs12 -export -in cert.pem -inkey privkey.pem -certfile chain.pem -out bundle.p12 password
clean up your files
sudo rm privkey.pem
sudo rm chain.pem
sudo rm cert.pem
get output from bundle then clean up
sudo cat bundle.p12 | base64
sudo rm bundle.p12
on the asa import the bundle
crypto ca import star.domain.com pkcs12 password
paste in the key once done type quit
quit
if you see this message answer yes
% The CA cert is not self-signed.
% Do you also want to create trustpoints for CAs higher in % the hierarchy? [yes/no]: yes
ssl trust-point star.domain.com outside