Last updated: November 15, 2017.
The mail-transfer program Sendmail can easily be configured for STARTTLS transport security using your Let's Encrypt credentials.
Consider also reading my article on email integrity and anti-spam/anti-spoofing with Sendmail.
1. Locate your Let's Encrypt directory.
sudo ls /etc/letsencrypt/live/example.com/
Replace example.com with your domain. The output should look like this:
cert.pem chain.pem fullchain.pem privkey.pem
Note: you need to have run letsencrypt first.
2. Modify sendmail.mc
sudo nano /etc/mail/sendmail.mc
dnl# define(`confCACERT_PATH', `/etc/letsencrypt/live/example.com')dnl define(`confCACERT', `/etc/letsencrypt/live/example.com/chain.pem')dnl define(`confSERVER_CERT', `/etc/letsencrypt/live/example.com/cert.pem')dnl define(`confSERVER_KEY', `/etc/letsencrypt/live/example.com/privkey.pem')dnl dnl#
Append the above to the end of the file, replacing example.com with your domain.
This will also work with an ECDSA private key and Let's Encrypt.
dnl# define(`confCACERT_PATH', `/etc/letsencrypt/ecdsa/example.com')dnl define(`confCACERT', `/etc/letsencrypt/live/example.com/0001_chain.pem')dnl define(`confSERVER_CERT', `/etc/letsencrypt/ecdsa/example.com/0000_cert.pem')dnl define(`confSERVER_KEY', `/etc/letsencrypt/ecdsa/example.com/privkey.pem')dnl dnl#
2. Reconfigure and restart Sendmail
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
sudo service sendmail restart