Setting up OpenBSD's default web server, openhttpd, is relatively simple. Start off by copying the example file in /etc/examples/httpd.conf: $ doas cp /etc/examples/httpd.conf /etc/httpd.conf Here is what /etc/httpd.conf contains: server "example.com" { listen on * port 80 location "/.well-known/acme-challenge/*" { root "/acme" request strip 2 } location * { block return 302 "https://$HTTP_HOST$REQUEST_URI" } } server "example.com" { listen on * tls port 443 tls { certificate "/etc/ssl/example.com.fullchain.pem" key "/etc/ssl/private/example.com.key" } location "/pub/*" { directory auto index } location "/.well-known/acme-challenge/*" { root "/acme" request strip 2 } } You must replace example.com everywhere with your domain name. Simply enable and start the web server: $ doas rcctl enable httpd $ doas rcctl start httpd Make sure pf allows incoming http connections by putting this line into /etc/pf.conf: pass in proto tcp to port {http https} Then, reload the pf rulesets: $ doas pfctl -f /etc/pf.conf At this point, you should test to see if the web server is working on port 80. This test should be run on some other computer besides the web server (your local workstation is fine). Make sure you have curl installed: $ doas pkg_add curl $ curl example.com You should a response similar to the one below: 302 Found

302 Found


OpenBSD httpd
Now you will almost certainly want openhttpd to use an SSL cert, so follow the [[openbsd:acme-client|acme-client]] instructions, then reset your web server: $ doas rcctl restart httpd To test if your web server is working and has a correct SSL cert, run: $ openssl s_client -connect example.com:443 You should see the correct SSL subject and issuer: subject=/CN=example.com issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 {{ :openbsd:www:ssl-cert.png?direct |}}