Leo,
I would like to obtain an ssl certificate, so I can run my own imap server on a machine in my office. I am assuming I'll need to pay a CA to generate what I need, but I'm confused about what I need. I am running dovecot at teh moment, but my clients (iphone, windows laptops) say my ssl connection is not trusted. The phone just won't connect.
Nope, you don't have to pay for a certificate at one of the traditional CAs, you can use Let's Encrypt to have free but fully valid certificates for your server.
See https://letsencrypt.org/ for more information. I can recommend https://github.com/xenolf/lego for use on your server, but there are many different LE clients out there.
certbot works only with ports 80 or 443? Can lego work with with IMAP ports like 143 or 993? The documentation is not very clear.
best regards --- Michael Schumacher