Weblog

See changelog for details.

Due to some changes in the Let's Encrypt API, I've released version 2.1 of the Let's Encrypt script for Hiawatha.

Everything that has a beginning, has an ending. In 2002, the Hiawatha webserver was born. It started as a small hobby project with no serious intentions. But in the years that followed, it grew to a mature webserver with unique and proven security features. Unfortunately, lack of interest in this project has always been a seamy side. Many times, I wondered whether I should keep going on with the project or not, but somehow I always found a reason to continue. But not this time. Recently, a serious issue was found in the Hiawatha webserver and the fact that I didn't care much, made me realize that it's time to stop.

Does this mean that the Hiawatha webserver will stop to exist? No. I still use it myself a lot and I will continue to do so in the future. I will make new releases available via this website and GitLab, but don't expect any more fancy. The most important change is that I will stop seeing and promoting it as an alternative webserver. For the time being, this website will remain online, but I will make the forum read-only. The contact form will be removed, I won't send any more newsletters (I will remove all e-mail addresses soon) and I will no long be available for support questions about the Hiawatha webserver. Security related issues can still be reported, of course.

The most important reason for this is that my spare time is only limited and I'd rather spend it doing other things than developing a webserver. I recently bought an electric guitar and many of my spare time now goes to playing music. And for quite some time, I found a more interesting challenge in organisational security-related subjects and privacy-related subjects than in technical security-related subjects. For the last 6 years, I developed a methodology for performing a risk analysis for information security (in Dutch) and for the last few months, that project is suddenly going very well. It's getting a lot of attention in the Netherlands. And with a friend, I started a weblog about privacy (also in Dutch). And that simply covers most of my spare time.

So, can you continue using the Hiawatha webserver? Well, that depends on what you want from a webserver. Clearly, Hiawatha will never support HTTP/2 or HTTP/3. If you're fine with that and Hiawatha serves your needs, you can continue using it. To be clear: I won't stop developing Hiawatha. But new features will be based on what I need, not on what is needed for a webserver in general.

I now come to the end of my, probably, final message at the Hiawatha weblog. While typing this message, I realize that it's still a serious step for me. But I think it's the right one. Thanks to all who have supported me and this project (you know who you are). Hopefully, Hiawatha will serve you well for as long as possible, but I won't blame you if you switch to another webserver. Thanks and stay safe!

I've released version 10.9 of the Hiawatha webserver. In this version, the installation of the Let's Encrypt script has been integrated in the build system. The script has been renamed to lefh (Let's Encrypt For Hiawatha) and it now has its own manual page.

In this release, no significant changes have been made to Hiawatha itself. The mbed TLS library has been updated to the latest release and I've changed the layout for directory indexes. I got tired of the previous one.