Let’s Encrypt is great except when you forget to renew certificates in time and automatically. Which then means all encrypted connections will fail due to expired certificates.
And since I had no details how to make dovecot work again, here my recipe:
- copy the full chain certificate (named fullchain.cer) to /etc/dovecot/dovecot.pem, and the key to /etc/dovecot/pricate/ssl.key
- restart dovecot
Lesson learned: Automatically update certificates and distribute them accordingly.