Simple Guide: Using Lets Encrypt SSL certs with Dovecot

Yes. Problem was that I'am using serts only in local_name sections
local_name mail.example.com {
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/example.com/privkey.pem
}

I am using multi domain mail server with one IP.
Refer to Wiki has been closed
With client TLS SNI (Server Name Indication) support

!!!!but dovecot also need default sert&key.!!!
so I just repeat this 2 line at in the start of config.

#
# SSL settings
#

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = yes
ssl_cert  = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/example.com/privkey.pem

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf

local_name mail.example.com {
  ssl_cert  = </etc/letsencrypt/live/example.com/fullchain.pem
  ssl_key = </etc/letsencrypt/live/example.com/privkey.pem
}

Maybe somebody help this

Interesting! I don’t know enough about Dovecot to understand what’s going wrong here. From the documentation that you linked to, it looks to me like you did everything right here.

I had the same problem, just now, and after investigation, I found out that my System is using ISPConfig 3 as the mail server. ISPConfic 3 doesn’t use the default configuration files of Dovecot. It produces is own(/etc/dovecot/dovecot.conf), therefore bypassing(not reading) the default ones. So finally by modifying this config file, using the fullchain.pem for the Cert and the privkey.pem for the key, it all worked very well with Thunderbird AND MS Outlook. Thanks for the help.