Posted to server-user@james.apache.org by Jerry Malcolm <te...@malcolms.com> on 2019/09/25 16:56:21 UTC

LetsEncrypt Certificates Not Trusted

Still nothing on making the logs work...  While waiting on that, I'm 
moving to SSL.  I was not using SSL on beta5.  So this is likely a 
generic SSL question not specific to 3.3.0.  See the setup and 
configuration info below.  When I try to create an account in 
Thunderbird and also in an iPhone, both Tbird and iPhone say the 
certificate is not trusted.  Any idea what I did wrong?

I have a domain certificate/chain issued by LetsEncrypt that works in 
httpd.  I issued the following three commands per the James SSL setup page:

  keytool -genkeypair -alias simple-cert -keyalg RSA -keysize 2048 \
    -keystore imapJwmHosting.jks -dname CN=imap1.jwmhosting.com
  keytool -import -alias root \
    -keystore /etc/letsencrypt/live/imap1.jwmhosting.com/imapJwmHosting.jks \
    -trustcacerts -file /etc/letsencrypt/live/imap1.jwmhosting.com/chain.pem
  keytool -import -alias james \
    -keystore /etc/letsencrypt/live/imap1.jwmhosting.com/imapJwmHosting.jks \
    -trustcacerts -file /etc/letsencrypt/live/imap1.jwmhosting.com/cert.pem

In imapserver.xml:

       <tls socketTLS="true" startTLS="false">
         <keystore>file://conf/keystore/imap1.jwmhosting.com/imapJwmHosting.jks</keystore>
         <secret>xxxxxxxx</secret>
         <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
       </tls>

Same process for the smtp side.
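
A check for the keystore built above, as an added example that is not part of the original post: it reads `keytool -list -v` output and reports, per entry, whether it is a `PrivateKeyEntry` (the only kind whose chain a Java TLS server can present) and whether its leaf certificate is self-signed. The listing embedded in the script is constructed, assumes all three commands wrote to the same keystore, and uses placeholder issuer names; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Reads `keytool -list -v` text (English locale assumed) on stdin
# and prints one line per entry: alias|entry type|chain length|leaf issuer kind.
keystore_entry_report() {
    awk '
        /^Alias name: / { alias = substr($0, 13); type = ""; len = "-"; seen = 0 }
        /^Entry type: / { type = substr($0, 13) }
        /^Certificate chain length: / { len = $NF }
        /^Owner: /      { owner = substr($0, 8) }
        /^Issuer: / && !seen {      # first Owner/Issuer pair of an entry is its leaf
            seen = 1
            kind = (owner == substr($0, 9)) ? "self-signed" : "ca-issued"
            printf "%s|%s|%s|%s\n", alias, type, len, kind
        }'
}

# Succeeds when some PrivateKeyEntry has a self-signed leaf certificate.
has_self_signed_key_entry() {
    keystore_entry_report | grep -q '|PrivateKeyEntry|[0-9]*|self-signed$'
}

# Constructed listing (not real output): the entries the three commands in the
# post would leave in one keystore. Issuer names are placeholders.
sample_listing() {
    cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry

Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA

Alias name: james
Entry type: trustedCertEntry

Owner: CN=imap1.jwmhosting.com
Issuer: CN=Example Issuing CA

Alias name: simple-cert
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=imap1.jwmhosting.com
Issuer: CN=imap1.jwmhosting.com
EOF
}

# Against a real keystore: keytool -list -v -keystore imapJwmHosting.jks | keystore_entry_report
sample_listing | keystore_entry_report
```

A `PrivateKeyEntry` reported as `self-signed` with chain length 1 means the CA-issued certificate was stored as a separate trusted entry rather than attached to the private key.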