Another example poor design choices made by this industry, in this case, why doesn’t BuyPass follow the leader and use the same standards established by LE and why doesn’t LE publish their server addresses &/or ASN. URGH.
When connecting to IMAP on port 993, Dovecot needs a certificate, in this example, we’ll assume a Let’s Encrypt certificate.
Using your magic we can get that cert for the website and share it with Dovecot, however we have clients that use another provider for their website, I was curious if your magic works in this case. I may, however it seems you haven’t tested it.