openssl s_client shows alert certificate unknown but all server certificates appear to be verified

You get the error about certificate unknown from the server, so it refers to the validation of your client certificate on the server side and not to the (successful) validation of the server's certificate at the client side. That means the server does not like your client certificate.

Please check your client certificate against the list of acceptable CAs, make sure it is not revoked and maybe do a tcpdump/wireshark to verify that it actually gets sent to the server. If this does not help, you might check log files at the server side for signs of what went wrong.
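An added example, not part of the original answer: a small Python decoder for OpenSSL error lines that shows why this message points at the client certificate. It relies on OpenSSL reporting an alert read from the peer as reason code 1000 + alert number in the low bits of the hex error code; the function name `decode`, the `local_role` parameter and the sample lines other than the one quoted on this page are constructed for illustration.

```python
import re

SSL_AD_REASON_OFFSET = 1000  # OpenSSL: reason = 1000 + alert number for alerts read from the peer

# Certificate-related alert descriptions (RFC 5246 section 7.2.2, RFC 8446 section 6.2)
CERT_ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca", 116: "certificate_required",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*)")

def decode(line, local_role="client"):
    """Decode one OpenSSL error line; return None unless it is a TLS alert received from the peer."""
    m = ERR_RE.search(line)
    if not m or m.group(2) != "SSL routines":
        return None
    # The reason code occupies the low bits in both the 1.x and the 3.x error layouts.
    reason = int(m.group(1), 16) & 0xFFF
    alert = reason - SSL_AD_REASON_OFFSET
    if not 0 <= alert <= 255:
        return None  # ordinary local error (e.g. our own verification failed), not a peer alert
    peer = "server" if local_role == "client" else "client"
    name = CERT_ALERTS.get(alert)
    return {
        "alert": alert,
        "name": name or "other",
        "sent_by": peer,
        # A certificate alert sent by the peer concerns the certificate we presented.
        "rejected_certificate": local_role if name else None,
    }

# Line quoted on this page (OpenSSL 1.x format)
PAGE_LINE = ("error:14094416:SSL routines:SSL3_READ_BYTES:"
             "sslv3 alert certificate unknown:s3_pkt.c:1260:SSL alert number 46")
# Constructed samples: OpenSSL 3.x style line, and a local verification failure
V3_LINE = "error:0A000416:SSL routines::sslv3 alert certificate unknown:FILE:0:SSL alert number 46"
LOCAL_LINE = "error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:FILE:0:"

if __name__ == "__main__":
    for sample in (PAGE_LINE, V3_LINE, LOCAL_LINE):
        print(decode(sample))
```

A result of `None` for a "certificate verify failed" line means the failure was raised locally, which is the opposite case: the client rejected the server's certificate.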


In my case

error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1260:SSL alert number 46

was solved by adding

ssl_verify_client_cert = yes

in /etc/dovecot/dovecot.conf.
