We are using a mail server set up a couple of years ago using ispconfig and the rest under debian 10. We are having increasing problems with mail clients (gmail app, ios mail app etc) who apparently cannot connect using port 993 and ssl and I suspect that this is due to the fact that they do not recognise the ssl certificate or not trust it and so forth. what is the way to install a new ssl certificate which can be recognised once and for all? can we do this on top of the existing one?
There is none, it is intended that old protocols and ciphers be phased out as they become obsolete, certificates expire and are reissued, old clients get replaced with new ones, etc. You could probably lessen the minimum allowed protocol versions and ciphers (there have been some posts on that previously in the forum here), or just use port 143 if you want unsecured imap connections. As to your certificatel issue, is there a problem with your certificate, or just old clients have an issue using it?
Check that the certificate file which is used by postfix and dovecot also contains the SSL chain certificate files. If not, try adding them to the same file, your SSL cert first and then the chain certificate files one after another in the same file, then restart postfix and dovecot.
I am having problems to connect using modern applications such as ios Mail and Gmail app and others who dont seem to accept our server certificate
