httpd

default server in /etc/httpd.conf

# Catch-all plain-HTTP server. It exists mainly so that acme-client's
# http-01 challenge files can be fetched before any certificate exists.
server "default" {
  listen on * port http
  root "/htdocs/default"

  # httpd runs chrooted (/var/www by default), so "/acme" is /var/www/acme,
  # the directory acme-client writes challenge files to by default.
  location "/.well-known/acme-challenge/*" {
    directory no auto index
    request strip 2
    root "/acme"
  }
}

check config: httpd -n

enable httpd

# start httpd at boot
rcctl enable httpd
# start it now
rcctl start httpd

/etc/acme-client.conf

# Let's Encrypt production ACME v2 endpoint.
# While testing, point "api url" at the staging directory
# (https://acme-staging-v02.api.letsencrypt.org/directory) to stay clear of
# production rate limits; staging certificates are not publicly trusted.
authority letsencrypt {
  api url "https://acme-v02.api.letsencrypt.org/directory"
  # ACME account key: authenticates this account to the CA. Keep it readable by root only.
  account key "/etc/acme/letsencrypt-privkey.pem"
}

# One certificate covering the apex and www names, issued by the
# "letsencrypt" authority.
domain mijndertstuij.nl {
  alternative names { www.mijndertstuij.nl }
  # Private key for the certificate; it lives under /etc/ssl/private, and the
  # "tls key" line in httpd.conf must point at this same path.
  domain key "/etc/ssl/private/mijndertstuij.nl.key"
  # Leaf certificate plus intermediate chain; this is the file httpd serves.
  domain full chain certificate "/etc/ssl/mijndertstuij.nl.fullchain.pem"
  sign with letsencrypt
}

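get certificate: acme-client -v mijndertstuij.nl (rerun regularly, e.g. from cron, to renew; reload httpd after a renewal so it picks up the new certificate)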

enable ssl in vhost:

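# Directives to add inside the vhost's server block.
listen on egress tls port 443
# HSTS: browsers that have seen this header refuse plain HTTP for this host
# until the max-age runs out, so enable it only once TLS works reliably.
hsts
tls certificate "/etc/ssl/mijndertstuij.nl.fullchain.pem"
# Must be the file acme-client writes as "domain key" in /etc/acme-client.conf;
# the private key stays in /etc/ssl/private, not in /etc/ssl.
tls key "/etc/ssl/private/mijndertstuij.nl.key"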

redirect http to https

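# Plain-HTTP vhost: everything is redirected to HTTPS except ACME challenges.
# NOTE(review): www.mijndertstuij.nl is in the certificate but has no alias
# here, so HTTP requests for it presumably fall through to the "default"
# server and are not redirected. Confirm that this is intended.
server "mijndertstuij.nl" {
  listen on egress port 80

  # Keep answering http-01 challenges over plain HTTP. A blanket redirect
  # would send the CA's validation request to the TLS vhost, and renewals
  # would then depend on that vhost also serving this path.
  location "/.well-known/acme-challenge/*" {
    root "/acme"
    request strip 2
    directory no auto index
  }

  # $SERVER_NAME is the configured server name, not the client-supplied Host
  # header, so the redirect target cannot be steered by the request.
  location * {
    block return 301 "https://$SERVER_NAME$REQUEST_URI"
  }
}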