Had problems figuring out how to use LE with UW IMAP. Yes, I know, a more modern imap/pop3 server would be a good course of action, but let's pretend I couldn't go that route.
I did get it working with a few trials and with the help of an old board post I found on UW.
The key is creating a PEM file with the certs and keys and storing them in a pem file in the following order (later, I found that the order might not be important, but after burning myself with email problems and finding that this absolutely works, I've just stuck with this).
UW IMAP wants pem files stored in /usr/local/ssl/certs by default. Your flavour of Linux might differ.
Create your certificate. I made mine for mail.domain.com for example.
Now we’re going to combine the certs/key into one file:
cat /etc/letsencrypt/live/mail.domain.com/cert.pem /etc/letsencrypt/live/mail.domain.com/privkey.pem /etc/letsencrypt/live/mail.domain.com/chain.pem > /usr/local/ssl/certs/imapd.pem
That order, cert.pem, then the privkey.pem, then the chain.pem, seems to be important (not 100% sure). I put the above in cron to run after my cert renewals.
Now symlink ipop3d.pem to imapd.pem. For those who need it:
ln -s /usr/local/ssl/certs/imapd.pem /usr/local/ssl/certs/ipop3d.pem
If using xinetd, stop xinetd (if that is what you’re using to start imapd and ipop3d), kill all the stray imapd and ipop3d services still running and then restart xinetd.
For those using Postfix, the config was easier. Edit main.cf and ensure you have:
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.domain.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.domain.com/privkey.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.domain.com/chain.pem
Of course in all instances, replace mail.domain.com with your domain.
Hope this helps someone.
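An added example, not part of the original post: a renewal-time version of the combine step above that keeps the same cert, key, chain order but writes the file with owner-only permissions (it contains the private key) and swaps it into place atomically, so imapd never reads a half-written file. The function name build_imapd_pem is hypothetical, and it assumes imapd and ipop3d are started as root so a root-owned mode 600 file is readable by them.

```shell
#!/bin/sh
# Added example: rebuild the combined PEM for UW IMAP after a renewal.
# build_imapd_pem is a hypothetical helper, not part of UW IMAP or certbot.
#
# Usage: build_imapd_pem LIVE_DIR CERT_DIR
#   LIVE_DIR  e.g. /etc/letsencrypt/live/mail.domain.com
#   CERT_DIR  e.g. /usr/local/ssl/certs
build_imapd_pem() {
    live=$1
    dest=$2

    # Refuse to build from missing, empty or non-PEM inputs, so a failed
    # renewal cannot replace a working imapd.pem with a broken one.
    for f in cert.pem privkey.pem chain.pem; do
        [ -s "$live/$f" ] || { echo "missing or empty: $live/$f" >&2; return 1; }
        grep -q '^-----BEGIN ' "$live/$f" || { echo "not PEM: $live/$f" >&2; return 1; }
    done

    # Temp file in the destination directory, so the final mv is a rename
    # on the same filesystem. mktemp creates it readable by the owner only.
    tmp=$(mktemp "$dest/imapd.pem.XXXXXX") || return 1

    # Same order as in the post: certificate, private key, chain.
    cat "$live/cert.pem" "$live/privkey.pem" "$live/chain.pem" > "$tmp" \
        || { rm -f "$tmp"; return 1; }

    # The combined file holds the private key: owner read/write only.
    chmod 600 "$tmp" || { rm -f "$tmp"; return 1; }

    # Atomic replace, then point ipop3d.pem at the same file.
    mv -f "$tmp" "$dest/imapd.pem" || { rm -f "$tmp"; return 1; }
    ln -sf "$dest/imapd.pem" "$dest/ipop3d.pem"
}

# Example call from a renewal cron job (paths as used in the post):
# build_imapd_pem /etc/letsencrypt/live/mail.domain.com /usr/local/ssl/certs
```

A non-zero return means the existing imapd.pem was left untouched, so the cron job can alert on failure without risking mail downtime.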