==== Required information ====
~$ cat /etc/iredmail-release
0.9.6 PGSQL edition.
~$ uname -a
Linux s1.ubiqiti.net 4.9.15-x86_64-linode81 #1 SMP Fri Mar 17 09:47:36 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
Apache
====

Any thoughts on how to further diagnose this problem?

Today Outlook 2016 and iPad email clients started to claim the SSL certifcates for the domain had expired.

A quick check with Chrome and
`openssl s_client -showcerts -connect domain.com:587 -starttls smtp | openssl x509 -text` shows that they have *not*.

I've restarted both postfix and dovecot just in case there was some odd caching effect going on but to no effect.

dovecot.conf shows

# SSL: Global settings.
# Refer to wiki site for per protocol, ip, server name SSL settings:
# http://wiki2.dovecot.org/SSL/DovecotConfiguration
ssl_protocols = !SSLv2 !SSLv3
ssl = required
verbose_ssl = no
ssl_cert = </etc/letsencrypt/live/domain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/domain.com/privkey.pem

main.cf shows

# TLS settings.
#
# SSL key, certificate, CA
#
smtpd_tls_key_file = /etc/letsencrypt/live/domain.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live//domain.com/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live//domain.com/chain.pem

i.e. there is no possibility of the config files pointing to stale certificates. I am puzzled. Any suggestions most welcome.

TAIA