diff --git a/README.md b/README.md
index 48917a4505b218f190352b6edf6fa23ca778dae1..57fb42bbb4cecca4ff33802c7052a5e54fce8567 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,41 @@
 # openbsd-mailserver
 
-Plan and document how an OpenBSD mailserver works.
\ No newline at end of file
+Plan and document how an OpenBSD mailserver works.
+
+## install software
+
+```
+pkg_add opensmtpd-extras-pgsql postgresql-server
+```
+
+## enable postgres
+
+We first have to create a new database:
+
+```
+doas -u _postgresql mkdir /var/postgresql/data
+doas -u _postgresql initdb -D /var/postgresql/data -U postgres -A scram-sha-256 -E UTF8 -W
+```
+
+Now we can enable and start the database server:
+
+```
+rcctl enable postgresql
+rcctl start postgresql
+```
+
+## enable httpd
+
+```
+rcctl enable httpd
+rcctl start httpd
+```
+
+## crontab
+
+Run `crontab -e` and add the following lines:
+
+```
+# renew acme certificates every day at some time between 00:00 and 01:00
+~       0       *       *       *       acme-client barnslig.xyz && rcctl reload httpd
+```
diff --git a/etc/acme-client.conf b/etc/acme-client.conf
new file mode 100644
index 0000000000000000000000000000000000000000..643882b0830c816e22be27d8e2e138edfd75ed44
--- /dev/null
+++ b/etc/acme-client.conf
@@ -0,0 +1,11 @@
+authority letsencrypt {
+        api url "https://acme-v02.api.letsencrypt.org/directory"
+        account key "/etc/acme/letsencrypt-privkey.pem"
+}
+
+domain barnslig.xyz {
+        alternative names { mail.barnslig.xyz frieder.barnslig.eu }
+        domain key "/etc/ssl/private/barnslig.xyz.key"
+        domain full chain certificate "/etc/ssl/barnslig.xyz.fullchain.pem"
+        sign with letsencrypt
+}
diff --git a/etc/httpd.conf b/etc/httpd.conf
new file mode 100644
index 0000000000000000000000000000000000000000..5b68a8b7bdb7a3cddb8b8e9cb65901146e0ff91e
--- /dev/null
+++ b/etc/httpd.conf
@@ -0,0 +1,36 @@
+server "barnslig.xyz" {
+    alias mail.barnslig.xyz
+    alias frieder.barnslig.eu
+
+	listen on * port 80
+
+	location "/.well-known/acme-challenge/*" {
+		root "/acme"
+		request strip 2
+	}
+
+	location * {
+		block return 302 "https://$HTTP_HOST$REQUEST_URI"
+	}
+}
+
+server "barnslig.xyz" {
+    alias mail.barnslig.xyz
+    alias frieder.barnslig.eu
+
+	listen on * tls port 443
+
+	tls {
+		certificate "/etc/ssl/barnslig.xyz.fullchain.pem"
+		key "/etc/ssl/private/barnslig.xyz.key"
+	}
+
+	location "/pub/*" {
+		directory auto index
+	}
+
+	location "/.well-known/acme-challenge/*" {
+		root "/acme"
+		request strip 2
+	}
+}
diff --git a/etc/mail/smtpd.conf b/etc/mail/smtpd.conf
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391