[joshschreuder]

That's kind of the point. They weren't but now are, and now there's even less of an excuse not to have a cert.

[dsp1234]

Is it possible to get a Let's Encrypt certificate without a public facing website (which is unrelated to wanted to run a mail server)?

[tokenizerrr]

Yes, they recently enabled the DNS validation. Otherwise, it wants to use a webserver to validate ownership. It can spin up an embedded webserver if you don't have one already.

[zAy0LfpBZLC8mAC]

I would say the opposite: There is no excuse for cementing the role of CAs for SMTP. DANE doesn't need any CA, and there is no problem with legacy clients that require CA-signed certs.