Let’s Encrypt Comes to Community Edition: Hermes SEG v260628

Two weeks after the Docker debut of v260612, Hermes Secure Email Gateway v260628 is here. It’s a small, low-risk update, but it carries a headline change we’re genuinely glad to ship: Let’s Encrypt certificate management is now part of the free Community Edition.

Let’s Encrypt moves to Community Edition

Free, automated TLS is table-stakes for a self-hosted mail platform, so the entire Let’s Encrypt / ACME gate has moved from Pro to every edition:

  • Console & mail-host certificates, under System Certificates → Request ACME Certificate, issue and auto-renew a free Let’s Encrypt certificate for the gateway itself.
  • Per-domain mailbox certificates, under Email Server → Domains, switch on Auto-managed (Let’s Encrypt) for per-mailbox-domain SAN certificates with automatic validation, issuance, and renewal.

The certbot engine, SAN validator, and SMTP-SNI generator all run on Community now, no Pro license required. The manual CSR-and-import path is still there if you prefer a commercial CA. And to be clear, nothing is removed from Pro: existing Pro installs already had this and are unaffected. We just think free, automated certificates belong with everyone.

Documentation & housekeeping

This release also lands a batch of documentation work: a published CHANGELOG in Keep a Changelog format, an expanded get-started guide (admin-email review, antispam maintenance with Pyzor / Razor / Bayes, Barracuda registration, and CipherMail console-password steps), and assorted README refinements.

Upgrading

v260628 is a drop-in update, no schema changes, no new containers, and no mandatory action for existing installs. Docker deployments can run the standard update orchestrator or git fetch && git reset --hard v260628 and redeploy. Pro boxes validate normally against the published v260628 manifest; boxes that stay on v260612 keep validating too.

An honest note for production users

As with v260612, the Docker line is still an early-adopter track. This update is low-risk and feature-complete, but if you run a production gateway, test certificate issuance and renewal in your own environment before relying on it. Early-adopter feedback continues to shape each release.

Read the full release notes How Hermes compares