make certificates configurable

defaults/main.yaml

@@ -7,3 +7,5 @@ dovecot_lmtp_inet_listener: false
 dovecot_unix_listeners_for_postfix: true
 dovecot_auth_inet_listener: false
 dovecot_auth: sql
+dovecot_certificate_fullchain_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
+dovecot_certificate_private_key_file: /etc/ssl/private/ssl-cert-snakeoil.key

templates/conf.d/10-ssl.conf.j2

@@ -11,8 +11,8 @@ ssl = yes
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
-ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
+ssl_cert = <{{dovecot_certificate_fullchain_file}}
+ssl_key = <{{dovecot_certificate_private_key_file}}
 
 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter. Since this file is often