I am planning a seri es of blog posts about my experiences moving our library servers and services to Let’s Encrypt for TSL/HTTPS certificates. Let’s Encrypt is a certificate authority that issues free TSL certificates as part of a widespread campaign to move all web traffic to HTTPS and has a number of sponsors including the Electronic Frontier Foundation, Mozilla, Chrome, Cisco, Facebook, Automatic (the WordPress folks), and the American Library Association. That’s right, ALA is a sponsor of this important initiative in order to help libraries move to HTTPS.
Let’s Encrypt also provides a set of tools to automate the installation and renewal of certificates. The free tools and certificates became available in a beta version last November and moved out of beta status in April 2016. Adoption has been rapid. According to this article in Wired magazine:
- “The 1.8 million certificates Let’s Encrypt has issued to 3.8 million websites make it the third-largest certificate authority in the world”
- “85 percent of those sites never had HTTPS before”
- “All sites hosted on WordPress with custom URLs will now be encrypted by default using Let’s Encrypt’s certificates.”
Most libraries have never had HTPPS, and its time for that to change. I plan to share my recipes for using Let’s Encrypt over the next week or two. They are in essence “rough drafts” of what will hopefully become more polished How-to Guides that will be published more formally on the Choose Privacy Week website or somewhere else on the ALA website. Here are the posts I have planned for servers:
- Apache Web Server on CentOS 6
- IIS Web Server on Windows 2008
- Standalone EZproxy Server on CentOS 6
- Library OPAC Server – SirsiDynix Enterprise on Tomcat CentOS 5
- API Server – SirsiDynix Web Services on Tomcat CentOS 6