Aki Tuomi
2016-Mar-05 06:00 UTC
Re: Dovecot stops responding when I update SSL certificate
Did you change dh parameter size as well? This causes dh generation which can take some time.

---
Aki Tuomi
Dovecot oy

-------- Original message --------
From: HotSlots Webmaster <webmaster at hotslots132.com>
Date: 5.3.2016 4.10 (GMT+02:00)
To: dovecot at dovecot.org
Subject: Dovecot stops responding when I update SSL certificate

Dovecot 2.2.18
CentOS 6.7 (x86_64)
Plesk 12.5.30

I have had Dovecot working fine with SSL for nearly two years now. It's time to renew the SSL certificate, so I did (same CA). The new certificate works fine in Apache and Postfix. But when I update Dovecot to use the same certificate, and restart the server, Dovecot stops responding to connects.

I have triple-checked that the ssl_cert and ssl_key files are correct - all I did was change the names in the conf file. There's nothing in the log. I have tried various SSL tests but either they don't work (unspecific error) or they tell me nothing is wrong (and show the correct certificate).

I am running out of time to find a solution to this - what else can I look for?

The one difference for the certificates is that I opted for one with a SHA256 root rather than SHA1 root. I have separately used a tool to verify that the certificate and private key match.

Here is the end of the dovecot -n file that mentions SSL:

ssl = required
ssl_cert = </etc/pki/tls/certs/hotslots-cert.pem
ssl_cipher_list = EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!KRB5:!aECDH:!EDH+3DES
ssl_dh_parameters_length = 2048
ssl_key = </etc/ssl/private/hotslots-private.pem
ssl_protocols = TLSv1.1 TLSv1.2 !TLSv1
userdb {
  args = uid=popuser gid=popuser
  driver = static
}
protocol imap {
  mail_plugins = " quota imap_quota"
}
protocol pop3 {
  pop3_uidl_format = UID%u-%v
}
protocol lda {
  mail_plugins = " quota sieve"
}

(The !TLSv1 doesn't seem to be honored - I tried it with and without that. A problem for later.)

Thanks for any help.

Steve L
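An added pre-restart check for the situation in this thread (my own script, not from the thread or from Dovecot): it pulls ssl_cert, ssl_key and ssl_dh_parameters_length out of a saved "dovecot -n" dump, confirms that the certificate and private key are a matching, unexpired pair using openssl, and reports the DH length so that a slow restart after changing it is expected rather than mistaken for a hang. The function names and the sed-based setting parser are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread or from Dovecot): pre-restart checks
# for the ssl_cert / ssl_key pair named in a saved "dovecot -n" dump.

# Print the value of one setting from "dovecot -n" output read on stdin.
# Values such as "</etc/pki/tls/certs/hotslots-cert.pem" start with "<",
# which Dovecot reads as "take the value from this file"; strip it so the
# result is a plain path.  Hypothetical helper name.
dovecot_setting_path() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*<\{0,1\}//p" | head -n 1
}

# A certificate and a private key belong together only if the public key
# inside the certificate equals the public key derived from the private key.
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# $1 = file holding "dovecot -n" output (use /dev/stdin to pipe it in).
check_dovecot_ssl() {
    dump=$(cat "$1")
    cert=$(printf '%s\n' "$dump" | dovecot_setting_path ssl_cert)
    key=$(printf '%s\n' "$dump" | dovecot_setting_path ssl_key)
    dh_len=$(printf '%s\n' "$dump" | dovecot_setting_path ssl_dh_parameters_length)
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "ssl_cert or ssl_key is not readable: '$cert' '$key'" >&2; return 1
    fi
    cert_key_match "$cert" "$key" || {
        echo "certificate and private key do NOT match (or failed to parse)" >&2; return 1; }
    # -checkend 0 fails if the certificate is already past its notAfter date.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || {
        echo "certificate has expired" >&2; return 1; }
    echo "OK: $cert and $key are a matching, unexpired pair"
    # Changing this value makes Dovecot regenerate DH parameters on its next
    # start, which can take a while and look like the daemon not responding.
    [ -n "$dh_len" ] && echo "note: ssl_dh_parameters_length = $dh_len"
    return 0
}

# Usage: dovecot -n > /tmp/dovecot-n.txt && sh check_ssl.sh /tmp/dovecot-n.txt
[ $# -eq 1 ] && check_dovecot_ssl "$1"
```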