Dovecot IMAPd is an IMAP4 daemon required to handle the mails on the server from the MUA.
Since Dovecot LMTP is already installed and set up, Dovecot IMAPd can use userdb and other configurations as well.
# apt install dovecot-imapd # ufw allow "Dovecot IMAP"
There is another ufw rule "Dovecot Secure IMAP", which opens port 993 (IMAPS). IMAP 143 port with STARTTLS is enough to secure the connection, so you don't have to open the port for 993 unless you need it.
There is nothing to change for the initial testing. Now Dovecot IMAP daemon is on and listening to the IMAP port.
Set up your local MUA (Mail User Agent, in fact, Thunderbird, Outlook...) to connect to the server. This time you should see the alert that the certificate is invalid though, you can see the mails received to the account (probably test mails when configuring Postfix and Dovecot LMTP).
There is a configuration for SSL Certificate in /etc/dovecot/conf.d/10-ssl.conf
ssl_cert = </etc/dovecot/private/dovecot.pem ssl_key = </etc/dovecot/private/dovecot.key
The testing certificates are set by default. Change them to the proper certificate. Let's Encrypt (explained in nginx server) certificate will work.
ssl_cert = </etc/letsencrypt/live/example.jp/fullchain.pem ssl_key = </etc/letsencrypt/live/example.jp/privkey.pem
Need to restart dovecot when the certificate is changed.
# systemctl restart dovecot
After setting up the proper certificates, the invalid certificate alert will disappear.