I had a similar problem when I was building my own letsencrypt certificates manually (not using the LetsEncrypt contrib). I had neglected to include restarts for dovecot and qpsmtpd after cert updates, and would get ssl errors.
If the certificate shown by webmail or server-manager was renewed recently, check the date/time on the files used by IMAP and SMTPS to make sure they were updated too.
IMAP (dovecot):
/var/service/dovecot/ssl/imapd.pem
SMTPS (sqpsmtpd uses a symlink pointing to qpsmtpd for the ssl cert):
/var/service/qpsmtpd/ssl/cert.pem
If you have a new webmail cert and these files have the same date as the new webmail certificate, try restarting dovecot, qpsmtpd, and sqpsmtpd.
If you have a new webmail cert and these files don't have a new date, you'll need to figure out why these certs were not updated, get them updated, then restart the services.