#314: Secure OwnCloud with HTTPS Implementation - Jenrite/OE2-project-group-B GitHub Wiki

Secure Owncloud over HTTPS

install certbot letsencrypt

sudo apt update

sudo apt install certbot python3-certbot-apache -y

Enable Apache SSL & Rewrite Modules

sudo a2enmod ssl

sudo a2enmod rewrite

sudo systemctl restart apache2

Run Certbot to Get the SSL Certificate

sudo certbot --apache -d group-b.op-bit.nz

Here I got:

This site can’t provide a secure connection group-b.op-bit.nz sent an invalid response. Try running Windows Network Diagnostics. ERR_SSL_PROTOCOL_ERROR

When trying to get to the site with https

So i ran the following sudo certbot --apache -d group-b.op-bit.nz and gave them my email

I can now access owncloud securely over https

image

Security Considerations

Enable HSTS header in Apache config

Add following line to /etc/apache2/sites-available/owncloud-le-ssl.conf <VirtualHost *:443> block for HSTS

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Disable TLS 1.0/1.1

Adjust /etc/apache2/mods-available/ssl.conf

image

This disables old, insecure SSL/TLS versions (SSLv2, SSLv3, TLS 1.0, 1.1), allows only strong encryption ciphers, and forces the server to choose the safest cipher order to ensure secure HTTPS connections.

Test with: openssl s_client -connect group-b.op-bit.nz:443

image

Testing certificate renwal process

image

image

Add last line to file to tell certbot to reload apache2 when the domain is renwed

Browser Compatibility testing

Previous testing done in chrome

Links pasted and then https replaced with http

Edge: image

Firefox: image