Please See: https://www.howtoforge.com/community/threads/lets-encrypt-working-with-ispconfig-interface-postfix-dovecot-tls-pure-ftpd-monit.75546/
ARCHIVED
I successfully configured Dovecot and Postfix to use my LetsEncrypt SSL certificate for my mail domain.
Generate SSL Certificate
When I installed ISPConfig 3.1b, I followed instructions on setting up LetsEncrypt which placed it in /opt/letsencrypt; If you have LetsEncrypt installed elsewhere, substitute the path below with the correct path.
I run in standalone mode so I need to stop Apache2.
service apache2 stop
Create the certificate.
Update: 12/2016 Install the certbot tool following this guide for Debian Jessie 8: https://certbot.eff.org/all-instructions/#debian-8-jessie-apache
certbot certonly --standalone -d mail.techish.net
The certificate now lives in /etc/letsencrypt/live/mail.techish.net/
Configure Dovecot
I modified /etc/dovecot/conf.d/10-ssl.conf and added the following lines:
ssl = yes ssl_cert = </etc/letsencrypt/live/mail.techish.net/fullchain.pem ssl_key = </etc/letsencrypt/live/mail.techish.net/privkey.pem
Then I restarted Dovecot
service dovecot restart
That didn’t seem to work; it was still publishing an invalid certificate, so I had a look around at more configuration files.
I then modified /etc/dovecot/dovecot.conf file. In this file I saw the ssl_cert and ssl_key variables and I also noted the protocols. The bolded items are what I changed/added.
protocols = imap pop3 imaps pop3s auth_mechanisms = plain login disable_plaintext_auth = no log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail #ssl_cert = </etc/postfix/smtpd.cert #ssl_key = </etc/postfix/smtpd.key ssl_cert = </etc/letsencrypt/live/mail.techish.net/fullchain.pem ssl_key = </etc/letsencrypt/live/mail.techish.net/privkey.pem
I then restarted Dovecot
service dovecot restart
Configure Postfix
I looked at /etc/postfix/main.cf and noted that the cert was pointed to /etc/postfix/ directory. I decided to backup the certs that existed and then create a symlink.
smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key
Backup and create symlinks.
cd /etc/postfix mkdir ssl-backup mv smtpd.* ssl-backup/ ln -s /etc/letsencrypt/live/mail.techish.net/fullchain.pem smtpd.cert ln -s /etc/letsencrypt/live/mail.techish.net/privkey.pem smtpd.key
Restart Postfix
service postfix restart