For Debian 9 (Stretch):

[ -f /etc/apt/sources.list.d/stretch-backports.list ] || cat <<'END' > /etc/apt/sources.list.d/stretch-backports.list
# https://backports.debian.org/Instructions/
deb http://deb.debian.org/debian stretch-backports main
END

apt update
apt install certbot python-certbot-apache -t stretch-backports

ln -sri /etc/letsencrypt/live/HOST.EXAMPLE.COM/cert.pem       /etc/ssl/
ln -sri /etc/letsencrypt/live/HOST.EXAMPLE.COM/fullchain.pem  /etc/ssl/
ln -sri /etc/letsencrypt/live/HOST.EXAMPLE.COM/privkey.pem    /etc/ssl/private/

1. postconf -n | grep 'smtpd_tls_.*_file'

smtpd_tls_key_file  = /etc/ssl/private/privkey.pem
smtpd_tls_cert_file = /etc/ssl/fullchain.pem

1. grep '^\s*TLSRSACertificate' /etc/proftpd/*.conf
2. for example in tls.conf :

TLSRSACertificateFile		/etc/ssl/fullchain.pem
TLSRSACertificateKeyFile	/etc/ssl/private/privkey.pem

1. Is this also needed?

TLSCACertificateFile /etc/ssl/fullchain.pem

1. doveconf -nPS | grep '^\s*ssl_'
2. or to find the file (eg. /etc/dovecot/conf.d/10-ssl.conf)
3. grep -r '^\s*ssl_' /etc/dovecot

ssl_cert=</etc/ssl/fullchain.pem
ssl_key=</etc/ssl/private/privkey.pem

1. psql -U postgres -c "SELECT name, setting, sourcefile, sourceline FROM pg_settings WHERE name LIKE 'ssl_%_file'"
2. or in the file postgresql.conf:
3. grep '^\s*ssl_.*_file' /etc/postgresql/9.6/main/postgresql.conf

ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'		# (change requires restart)
ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'		# (change requires restart)

systemctl --all list-timers
 
systemctl stop    certbot.timer
systemctl disable certbot.timer
systemctl mask    certbot.timer
 
m=$(( RANDOM % 60 )); h=$(( RANDOM % 24 )); d=$(( RANDOM % 7 ))
echo "## Let's Encrypt SSL certificate renewal with certbot" | tee -a /etc/crontab
echo "$m $h * * $d root /usr/bin/certbot -q renew"           | tee -a /etc/crontab
 
# dom=$(( 1+ RANDOM % 31 )) mon=$(( 1+ RANDOM % 12 ))