I'm 99,99999999999999999999 % sure, yes. Your code 20 from OpenSSL has nothing to do with your Postfix, Dovecot or any other problem, but with OpenSSL itself. Try:
openssl s_client -CApath /etc/ssl/certs/ -connect community.letsencrypt.org:https -servername community.letsencrypt.org
(Which assumes your Linux distribution stores its certificate store in /etc/ssl/certs/
obviously.)
It should return a code 0.
But, again, that has nothing to do with your trials with encoded user passwords.
Very offtopic for this forum (certificates/TLS/Let's Encrypt, obviously not the encryption of passwords for IMAP/POP3 with CRAM-MD5
et cetera): just setting auth_mechanisms
to some values doesn't magically provide the extra feature, if not all required variables are properly set. For example, did you read this page: Wiki has been closed