I wont ever recommend anything other than keeping an OS and it's subordinate modules current. Getting a certificate from LetsEncrypt can secure a connection but the underlying OS and modules are still vulnerable to attacks. IE:
GWIA
GWPOA
GWAVA
Tomcat
Netware (which was ditched after 2012) in favor of SLES server
...
Actually Netware was probably the best part of the Novell Sweet.
Please don't obtain a Let's encrypt certificate and hang it on an outdated and obsolete OS and mail server. You are likely to regret it.
Before someone flags my post I have to say I was certified as a Novell and SLES system administrator from 2003 to 2016. Security is paramount. If your system gets hosed LE is NOT responsible.
I am not trying to tell you how to run your system. I am advising you to do the research and the right thing. Take actions that will be effective to improve your security. You are responsible. No one else.
Anyone reading this thread without experience may think it is OK to employ 16 year old technology. Novell itself will tell you to upgrade and secure your assets.
This is My 2 cents.
SA 1992-2016