
Recently I've been trying to create a WebSocket server (using the ws library for Node.js). At first I used the unencrypted ws protocol, but then I had to switch to wss. This brought some client authentication issues. When the client (running in a browser, client.js)

this.socket = new WebSocket(`wss://ipv4.address:port`);

... tries to connect to the Node.js-based server (server.mjs):

// server.mjs is an ES module, so the imports the snippet relies on are:
import { createServer } from 'node:https';
import { readFileSync } from 'node:fs';
import { WebSocketServer } from 'ws';

// `port` is defined elsewhere in the original and is not shown here.

const server = createServer({
    // Server certificate and its private key. Per the Node docs, `cert` is the
    // full chain: the leaf followed by any intermediates, in order.
    cert: readFileSync('/path/to/ssl_certificate.cer'),
    key: readFileSync('/path/to/private_key.key'),
    // `ca` overrides the trust store the server uses to verify *client*
    // certificates (only consulted when `requestCert` is set).
    ca: [
        readFileSync('/etc/ssl/certs/ca-certificates.crt'),
        readFileSync('/path/to/ssl_certificate_INTERMEDIATE.cer')
    ],
    // Do not drop connections whose client certificate fails verification.
    rejectUnauthorized: false
});

// Attach the WebSocket server to the HTTPS server so it upgrades wss:// requests.
const wss = new WebSocketServer({ server });

server.listen(port, "hostname", () => {
    //the server actually listens, so this line of code is printed
    console.log(`listening on wss://${wss.address().address}:${server.address().port}`);
});

// Fired when an error occurs before a secure connection is established.
server.on("tlsClientError", (err, tlsSocket) => {
    console.error("TLS client error", err);
    tlsSocket.destroy();
});

... it goes into "tlsClientError", printing this:

TLS client error [Error: C0D71E8ECB7F0000:error:0A000416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1584:SSL alert number 46
] {
  library: 'SSL routines',
  reason: 'sslv3 alert certificate unknown',
  code: 'ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN'
}

This looks like the server isn't willing to accept the client's certificates. How do I set them? Is there something I'm not understanding about WebSockets over TLS?

I tried following the advice of many StackOverflow answers and disabled rejectUnauthorized, but the Node https server is still failing, even after adding the same SSL certificates my website is using (same hostname, different port).

EDIT: I forgot to mention that connecting from the same host as the server works (i.e. using the ws client on the Node side), as per https://github.com/websockets/ws/blob/master/examples/ssl.js, and even when disabling rejectUnauthorized (because I'm not using a self-signed certificate).

Fosco110
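The error in the post is worth reading precisely, so here is an added example (not code from the post, nor from the ws library) that decodes it. It relies on two facts: a TLS alert record is content type 21 carrying a two-byte body of level and description (RFC 5246 section 7.2, RFC 8446 section 6), and OpenSSL names an alert it *received* from the peer with the reason string "sslv3 alert <description>" plus "SSL alert number N", so a server that sees that reason in tlsClientError is looking at the client's verdict on the server's certificate chain, not at a failure of its own `ca`/`rejectUnauthorized` checks (those surface with a different reason, e.g. OpenSSL's "certificate verify failed"). The alert record bytes and the error object below are constructed sample inputs; `parseAlertRecord` and `interpretTlsClientError` are helper names chosen for this example.

```javascript
// Alert descriptions from RFC 5246 section 7.2.2 plus the TLS 1.3 additions (RFC 8446 section 6.2).
const ALERT_DESCRIPTIONS = {
  0: 'close_notify', 10: 'unexpected_message', 20: 'bad_record_mac',
  22: 'record_overflow', 40: 'handshake_failure', 42: 'bad_certificate',
  43: 'unsupported_certificate', 44: 'certificate_revoked',
  45: 'certificate_expired', 46: 'certificate_unknown', 47: 'illegal_parameter',
  48: 'unknown_ca', 49: 'access_denied', 50: 'decode_error', 51: 'decrypt_error',
  70: 'protocol_version', 71: 'insufficient_security', 80: 'internal_error',
  86: 'inappropriate_fallback', 90: 'user_canceled', 109: 'missing_extension',
  110: 'unsupported_extension', 112: 'unrecognized_name',
  113: 'bad_certificate_status_response', 115: 'unknown_psk_identity',
  116: 'certificate_required', 120: 'no_application_protocol',
};

// Alerts a peer sends when it rejects the certificate chain it was shown.
const CERT_REJECTION_ALERTS = new Set([42, 43, 44, 45, 46, 48]);

// Parse a raw TLS alert record on the wire:
// content type 0x15, legacy version (2 bytes), length (2 bytes), level, description.
function parseAlertRecord(bytes) {
  if (bytes.length < 7 || bytes[0] !== 0x15) return null;
  const length = (bytes[3] << 8) | bytes[4];
  if (length !== 2 || bytes.length < 5 + length) return null;
  const level = bytes[5];
  const description = bytes[6];
  return {
    level: level === 2 ? 'fatal' : level === 1 ? 'warning' : `unknown(${level})`,
    description,
    name: ALERT_DESCRIPTIONS[description] ?? `unknown(${description})`,
  };
}

// Interpret the error object Node hands to 'tlsClientError'. Any object with a
// `message` in the shape OpenSSL produces will do; `code`/`reason` are optional.
function interpretTlsClientError(err) {
  const msg = String(err && err.message);
  const m = /SSL alert number (\d+)/.exec(msg);
  if (!m) {
    // No "SSL alert number": the failure is the server's own, not a peer alert.
    return {
      receivedAlert: false,
      hint: "Not an alert from the peer; inspect the server's own handshake or verification error.",
    };
  }
  const number = Number(m[1]);
  const name = ALERT_DESCRIPTIONS[number] ?? `unknown(${number})`;
  const certRejected = CERT_REJECTION_ALERTS.has(number);
  return {
    receivedAlert: true,
    sentBy: 'client', // on a server, a received alert came from the connecting client
    number,
    name,
    certRejected,
    hint: certRejected
      ? 'The client rejected the certificate chain the server presented; server-side ca/rejectUnauthorized settings govern client certificates and do not affect this.'
      : `The client aborted the handshake with ${name}.`,
  };
}

// Constructed sample input (not captured traffic): the alert record a client
// sends for certificate_unknown (TLS 1.2 record header, fatal, description 46),
// and an error object shaped like the one quoted in the post.
const SAMPLE_ALERT_RECORD = Uint8Array.from([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x2e]);
const SAMPLE_ERROR = {
  code: 'ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN',
  reason: 'sslv3 alert certificate unknown',
  message:
    'C0D71E8ECB7F0000:error:0A000416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:' +
    '../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1584:SSL alert number 46\n',
};

console.log(parseAlertRecord(SAMPLE_ALERT_RECORD));
console.log(interpretTlsClientError(SAMPLE_ERROR));
```

Run it with `node` to see that the quoted error decodes to a fatal `certificate_unknown` (46) alert received from the client. The practical consequence for a server operator is that the thing to check is what the connecting browser is shown (the chain in `cert`, the name on the certificate, and whether the issuing CA is trusted by that browser), which a server-side `tlsClientError` handler cannot fix by itself.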