diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 36d2499..67a4f3f 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -10,6 +10,16 @@ NixOS 26.05 and private key using :option:`mailserver.x509.certificateFile` and :option:`mailserver.x509.privateKeyFile` instead. Support for automatic creation of self-signed certificates has been removed. + Check the updated `setup guide`_ for a basic ACME HTTP-01 example. +- Cleartext password files can now be configured for login accounts. This + is an alternative to hashed passwords that integrates well with workflows + establishsed by `agenix`_/`sops-nix`_ that rely on encryption. This option + prevents files from leaking in to the Nix store. + See :option:`mailserver.loginAccounts..passwordFile`. + +.. _setup guide: setup-guide.html#setup-the-server +.. _agenix: https://github.com/ryantm/agenix +.. _sops-nix: https://github.com/Mic92/sops-nix NixOS 25.11 ----------- diff --git a/docs/setup-example.nix b/docs/setup-example.nix index 0a9fb53..e25f0b1 100644 --- a/docs/setup-example.nix +++ b/docs/setup-example.nix @@ -16,12 +16,14 @@ security.acme = { acceptTerms = true; defaults.email = "security@example.com"; - certs.${config.mailserver.fqdn} = { - # Further setup required, check the manual: - # https://nixos.org/manual/nixos/stable/#module-security-acme - }; }; + # Allow incoming HTTP connections + networking.firewall.allowedTCPPorts = [ 80 ]; + + # Enable ACME HTTP-01 challenge with nginx + services.nginx.virtualHosts.${config.mailserver.fqdn}.enableACME = true; + mailserver = { enable = true; stateVersion = 3;
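Review bot: In docs/setup-example.nix, `networking.firewall.allowedTCPPorts = [ 80 ];` exposes nginx to the whole internet while the virtual host is declared with nothing but `enableACME = true`, so outside the challenge path it will presumably serve nginx's default content. For a mail-only host the example could narrow that, for instance with `services.nginx.virtualHosts.${config.mailserver.fqdn}.locations."/".return = "404";`. The comment above the firewall line could also say why the port must stay open: `# HTTP-01 validation (issuance and every renewal) arrives over plain HTTP on port 80`. The hunk ends inside the `mailserver` block, so how the issued certificate reaches the mail services (e.g. through the `mailserver.x509.*` options named in the release notes) is not visible here. It is worth confirming that the example wires this up and that the private key stays readable only by the services that need it.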