<code>
$ doas pkg_add cgit
</code>

Inside /etc/httpd.conf:
<code>
server "git.ircnow.org" {
        listen on * port 80
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
        location * {
                block return 302 "https://$HTTP_HOST$REQUEST_URI"
        }
}
server "git.ircnow.org" {
        listen on * tls port 443
        tls {
                certificate "/etc/ssl/git.ircnow.org.fullchain.pem"
                key "/etc/ssl/private/git.ircnow.org.key"        
        }
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
        location "*~" {
                block drop
        }
        location "/cgit.*" {
                root "/cgit"
                no fastcgi
        }
        root "/cgi-bin/cgit.cgi"
        fastcgi socket "/run/slowcgi.sock"
}

</code>

Unconfirmed: you may need 'no fastcgi' inside the acme block to enable renewal of certs.

Make sure also to edit /var/www/conf/cgitrc:
<code>

</code>