After installing imapd-ssl, to set up your self-signed certificate, you must use the mkimapdcert
tool (or at least the openssl commands inside the script) to generate the necesary PEM file.
However before doing so, you should modify /etc/courier/imapd.cnf
and modify the subject requirements to meet your CN, email, etc. You may also want to modify /usr/sbin/mkimapdcert
and increase the number of days the certificate is valid for.
It’s possible, that if you’re renewing or changing the CN but on the same server, that the clients may have a trust certificate stored which may need deleting or the account may need to be re-setup.