Thanks again!
I haven't had a chance to go through the first of those two links, but here is the output from the openssl command:
$ openssl s_client -connect 192.168.0.2:993
CONNECTED(00000003)
depth=0 OU = IMAP server, CN = my_TLD.com, emailAddress = me@my_email.com
verify error:num=18:self signed certificate
verify return:1
depth=0 OU = IMAP server, CN = my_TLD.com,, emailAddress = me@my_email.com
verify return:1
---
Certificate chain
0 s:/OU=IMAP server/CN=my_TLD.com/emailAddress=me@my_email.com
i:/OU=IMAP server/CN=my_TLD.com/emailAddress=me@my_email.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICLTCCAZagAwIBAgIJAKvj4+dJnlnHMA0GCSqGSIb3DQEBCwUAME0xFDASBgNV
BAsMC0lNQVAgc2VydmVyMRQwEgYDVQQDDAtzYW5zb21lLm9yZzEfMB0GCSqGSIb3
... My SSL Cert...
AK5omWwUL4SxxUldZQEOSx1kOO08Jn6wiugdl1+k7ijb8AOeTwn5cGPlYv/sJkp8
5EQRRnL+JlYQWlj2+tJZm4t43OVOEA8Im4WjeELXGSOWAVctYNlzRSLVTlsCAqI1
ZTUWzNr+ilgMYT6BMEbIpT7b4kX5+LNsCrXH6oa0TVjW
-----END CERTIFICATE-----
subject=/OU=IMAP server/CN=my_TLD.com/emailAddress=me@my_email.com
issuer=/OU=IMAP server/CN=my_TLD.com/emailAddress=me@my_email.com
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1058 bytes and written 347 bytes
Verification error: self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 1E1228FA308A101EE3AAE553272365963626BAB226ABA620067253A62A219908
Session-ID-ctx:
Master-Key: 01A9B32934A487D52F3860B2A83C618FC54AAF51DE31AFE02B9C4B81A8D773AC7418322E3F05C3AF3A214DE3EFD4C7B0
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - dc 88 12 87 2a 66 c5 16-cf ca 7f ea bd cd 64 bb ....*f........d.
0010 - c7 59 9a 2d f5 d6 63 f3-e7 c4 f9 32 e6 95 af 64 .Y.-..c....2...d
0020 - 27 36 3c d5 5a 27 e6 7b-ac bd ed 6b 58 1c 6b 6f '6<.Z'.{...kX.ko
0030 - 12 3c f1 99 d7 9c 13 33-18 bc e1 6e b9 bf 40 3f .<.....3...n..@?
0040 - 2d 09 59 75 a0 73 87 cc-4b ab 4a f9 02 0b 49 80 -.Yu.s..K.J...I.
0050 - 3a 40 39 f0 85 52 3e 02-b1 15 ce f6 ff 7a 68 6d :@9..R>......zhm
0060 - 64 a3 eb 0e 36 c5 50 25-af 00 ef 56 ed 09 7f 78 d...6.P%...V...x
0070 - a6 4e d5 17 17 e5 09 cb-b8 14 a8 5f 0a 2b 1c 2e .N........._.+..
0080 - 89 c8 19 43 55 7b ff b2-be 52 d9 7c 5d 0f b9 27 ...CU{...R.|]..'
0090 - 7f e4 e6 f4 cf 8f a6 62-38 92 bd b7 ec 90 54 59 .......b8.....TY
Start Time: 1524306134
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: yes
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
Does this tell you anything useful to this this problem?
Thanks again!
Mark