Based on Debian 10 "Buster" environment.

Dovecot IMAPd

Dovecot IMAPd is an IMAP4 daemon required to handle the mails on the server from the MUA.
Since Dovecot LMTP is already installed and set up, Dovecot IMAPd can use userdb and other configurations as well.

Install

# apt install dovecot-imapd
# ufw allow "Dovecot IMAP"

There is another ufw rule "Dovecot Secure IMAP", which opens port 993 (IMAPS). IMAP 143 port with STARTTLS is enough to secure the connection, so you don't have to open the port for 993 unless you need it.

Test from MUA

There is nothing to change for the initial testing. Now Dovecot IMAP daemon is on and listening to the IMAP port.
Set up your local MUA (Mail User Agent, in fact, Thunderbird, Outlook...) to connect to the server. This time you should see the alert that the certificate is invalid though, you can see the mails received to the account (probably test mails when configuring Postfix and Dovecot LMTP).


SSL Certificate

There is a configuration for SSL Certificate in /etc/dovecot/conf.d/10-ssl.conf

ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.key

The testing certificates are set by default. Change them to the proper certificate. Let's Encrypt (explained in nginx server) certificate will work.

ssl_cert = </etc/letsencrypt/live/example.jp/fullchain.pem
ssl_key = </etc/letsencrypt/live/example.jp/privkey.pem

Need to restart dovecot when the certificate is changed.

# systemctl restart dovecot

After setting up the proper certificates, the invalid certificate alert will disappear.