OK, easy indeed:
Again, I’ve used the primary key generated by dovecot to generate the Certificate Signing Request. Copy-paste into cacert.org, wait, copy-paste from cacert.org into new .cert file on the server and tell dovecot to use this new certificate (easily done from webmin.)
UPDATE: using a private key that you did not yourself create is not secure. Check this post on how to create your own keys.