WEB(7) Miscellaneous Information Manual WEB(7)

web - web server operations

Create a file /etc/httpd.conf.

server "openbsd.directory" {
  listen on * port 80
  root "/htdocs/openbsd.directory"
}

server "www.openbsd.directory" {
  listen on * port 80
  block return 301 "http://openbsd.directory$REQUEST_URI"
}

Create basic content for the test website.

$ echo openbsd.directory > /var/www/htdocs/openbsd.directory/index.html

Check the httpd(8) configuration file.

$ httpd -n
configuration OK

Enable and start the httpd(8) daemon.

$ rcctl enable httpd
$ rcctl start httpd

Before enabling https, we need to configure acme-client(1). Add these sections to /etc/acme-client.conf.

authority letsencrypt {
  api url "https://acme-v02.api.letsencrypt.org/directory"
  account key "/etc/ssl/private/letsencrypt.key"
}

domain openbsd.directory {
  alternative names { www.openbsd.directory }
  domain key "/etc/ssl/private/openbsd.directory.key"
  domain certificate "/etc/ssl/openbsd.directory.crt"
  domain full chain certificate "/etc/ssl/openbsd.directory.pem"
  sign with letsencrypt
}

Create directories for the daemon.

$ mkdir -p -m 700 /etc/ssl/private
$ mkdir -p -m 755 /var/www/acme

Now we edit the /etc/httpd.conf file and add the lines that handle verification requests from Let's Encrypt.

server "openbsd.directory" {
  listen on * port 80
  root "/htdocs/openbsd.directory"
  location "/.well-known/acme-challenge/*" {
    root "/acme"
    request strip 2
  }
}

Check this configuration and restart httpd(8):

$ httpd -n
configuration OK
$ rcctl restart httpd
httpd (ok)
httpd (ok)

Generate the certificate.

$ acme-client -v openbsd.directory
acme-client: /etc/ssl/openbsd.directory.crt: created
acme-client: /etc/ssl/openbsd.directory.pem: created

To automate certificate renewal, make changes to the existing crontab(5).

$ crontab -e

And add this line.

0 0 * * * acme-client openbsd.directory && rcctl reload httpd

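The steps above obtain a certificate but leave httpd(8) serving plain HTTP only. The following /etc/httpd.conf server blocks are an added example, not part of the original manual, and replace the port 80 block for openbsd.directory. They reuse the key and full chain paths from /etc/acme-client.conf above; the hsts line and the redirect to https are assumptions about the desired policy.

```conf
# Added example: TLS listener using the files written by acme-client(1).
server "openbsd.directory" {
  listen on * tls port 443
  tls {
    # "domain full chain certificate" from /etc/acme-client.conf
    certificate "/etc/ssl/openbsd.directory.pem"
    # "domain key" from /etc/acme-client.conf
    key "/etc/ssl/private/openbsd.directory.key"
  }
  # Assumption: the site should be https-only for returning clients.
  hsts
  root "/htdocs/openbsd.directory"
}

# Plain HTTP keeps answering Let's Encrypt verification requests,
# which renewals still need, and redirects everything else to https.
server "openbsd.directory" {
  listen on * port 80
  location "/.well-known/acme-challenge/*" {
    root "/acme"
    request strip 2
  }
  location * {
    block return 301 "https://openbsd.directory$REQUEST_URI"
  }
}
```

Check the file with httpd -n and restart httpd(8) as before. The cron entry's rcctl reload httpd then makes the daemon pick up each renewed certificate.
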
April 11, 2023 OpenBSD 7.4