HTTPS & Let’s Encrypt

HTTPS is an important tool for protecting the privacy of users when they use library websites, services, and third-party vendors. Plain HTTP traffic is vulnerable to eavesdropping and content hijacking by unauthorized third parties. HTTPS helps protect against these problems by establishing an encrypted connection between the user’s browser and a library website or service, or between two library servers that are communicating with each other.

Your library and all of its vendors should now be using HTTPS. If your library is not, check out Let’s Encrypt and get free SSL/TLS certificates so that your website provides encryption to library users.

There has been a push by many organizations in recent years to move all websites to HTTPS:

  • Federal government websites are now required to be HTTPS.
  • Google gives a ranking boost to HTTPS sites in search results.
  • Firefox and Chrome flag HTTP sites as insecure.
  • Freedom of the Press Foundation started the Secure the News project to track and promote the adoption of HTTPS by major news sites.
  • Electronic Frontier Foundation launched an Encrypting the Web campaign.

Let’s Encrypt

One of the most successful initiatives to promote HTTPS has been Let’s Encrypt. This is a certificate authority that provides both free certificates and the Certbot client to easily install them. Let’s Encrypt has a number of sponsors, including the Electronic Frontier Foundation, Mozilla, Chrome, Facebook, and the American Library Association. ALA is a sponsor of this important initiative in order to help libraries move to HTTPS.

System administrators can usually install certificates by using the Certbot client in a matter of minutes on web servers running up-to-date operating systems. In addition, Let’s Encrypt has been integrated into over a hundred web hosting platforms. This means certificates can be installed by customers from their control panel with just the click of a button.