dovecot IMAP not working on iOS because of Let’s Encrypt certificate problem

So I was having an issue with the mail app on my iPhones not being able to get IMAP email from my dovecot server.
Turned out I needed to change my dovecot config from this:

ssl_key = </etc/dovecot/mail.{{ domain }}.key
ssl_cert = </etc/dovecot/mail.{{ domain }}.crt
ssl_ca = </etc/dovecot/mail.{{ domain }}.chain.pem

to this:

ssl_key = </etc/dovecot/mail.{{ domain }}.key
ssl_cert = </etc/dovecot/mail.{{ domain }}.chain.pem

openssl dhparam -out dh.pem

So I was getting errors like this in syslog:

Jul  6 17:35:53 integrity systemd[1]: Started Dovecot IMAP/POP3 email server.
Jul  6 17:35:53 integrity dovecot[10775]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 79: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
Jul  6 17:35:53 integrity systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
Jul  6 17:35:53 integrity systemd[1]: dovecot.service: Failed with result 'exit-code'.

This failure was affecting other parts of my system (i.e. postfix SASL).
The solution was to generate the dh.pem file:

root@integrity:/etc/dovecot
# openssl dhparam -out dh.pem 4096
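
A pre-flight check for the two failures above (ssl_cert holding only the leaf certificate, and ssl_dh pointing at a missing file), as an added example that is not from the original post. The function names are this example's own; it assumes a rendered config with `setting = </path` lines and a CA-issued certificate with at least one intermediate.

```shell
#!/bin/sh
# Print the file path from the last "name = </path" line for setting $1 in config $2.
tls_path() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*<[[:space:]]*//p" "$2" | tail -n 1
}

# Count the PEM certificates in file $1.
pem_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Return 0 if config $1 passes, 1 otherwise; problems are reported on stderr.
check_dovecot_tls() {
    conf=$1; rc=0
    for name in ssl_key ssl_cert ssl_dh; do
        path=$(tls_path "$name" "$conf")
        if [ -z "$path" ]; then
            [ "$name" = ssl_dh ] && continue   # ssl_dh is only checked when it is set
            echo "$name is not set" >&2; rc=1; continue
        fi
        if [ ! -r "$path" ]; then
            echo "$name: cannot read $path" >&2; rc=1; continue
        fi
        if [ "$name" = ssl_cert ] && [ "$(pem_count "$path")" -lt 2 ]; then
            echo "ssl_cert: $path holds a single certificate, no intermediate" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a throwaway config whose ssl_cert file holds $1 certificate markers.
make_sample() {
    d=$(mktemp -d)
    : > "$d/key.pem"; : > "$d/dh.pem"; : > "$d/cert.pem"
    i=0
    while [ "$i" -lt "$1" ]; do
        echo '-----BEGIN CERTIFICATE-----' >> "$d/cert.pem"; i=$((i + 1))
    done
    printf 'ssl_key = <%s\nssl_cert = <%s\nssl_dh = <%s\n' \
        "$d/key.pem" "$d/cert.pem" "$d/dh.pem" > "$d/10-ssl.conf"
    echo "$d/10-ssl.conf"
}
```

After sourcing the file, run `check_dovecot_tls /etc/dovecot/conf.d/10-ssl.conf` before restarting dovecot; `make_sample 1` and `make_sample 2` produce a failing and a passing config to try it on.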

WARN: Duplicate profile ‘Dovecot IMAP’, using last found

So when running ‘ufw’ I was getting this error: WARN: Duplicate profile ‘Dovecot IMAP’, using last found

The issue was that duplicate rules were specified in:

/etc/ufw/applications.d/dovecot-core

And:

/etc/ufw/applications.d/dovecot-imapd

The solution for me was to delete the second file (imapd) as it was covered by the previous file (core).