Ticket 316 ‐ Secure OwnCloud with HTTPS Implementation - SupaHotBall/OE2-Group-D GitHub Wiki

Task

Option 1: Let's Encrypt (Recommended) Requirements:

- Acceptance Criteria:

  • ✔ All web traffic redirected to HTTPS
  • ✔ Valid SSL certificate in place (no browser warnings)
  • ✔ OwnCloud config updated with trusted domains
  • ✔ Clear documentation and evidence of the state before and after applying the certificate

Security Considerations

  • Enable HSTS header in Apache config
  • Disable TLS 1.0/1.1
  • Test with: openssl s_client -connect yourserver:443

- Documentation & Deliverables:

  • Clear documentation with evidence of before and after application of certificate
  • Certificate type and expiration date
  • Apache SSL configuration snippets
  • Renewal process (cron jobs for Let's Encrypt)
  • Browser compatibility testing results

Steps Taken

Step 1: Pre-check – Domain & HTTP Works

curl -I http://group-d.op-bit.nz

Result: HTTP 302 redirect to login page confirms the domain resolves and HTTP is accessible.

Step 2: Installed Certbot

sudo apt update
sudo apt install certbot python3-certbot-apache -y

Step 3: Ran Certbot with Apache Integration

Executed Certbot to generate and install SSL certificates:

sudo certbot --apache -d group-d.op-bit.nz
  • Certificate saved at: /etc/letsencrypt/live/group-d.op-bit.nz/fullchain.pem
  • Key saved at: /etc/letsencrypt/live/group-d.op-bit.nz/privkey.pem
  • Certificate Expiry: 2025-08-16

Step 4: HTTPS Confirmed in Browser

Visited https://group-d.op-bit.nz and verified the browser lock icon and that the domain was secured.

Step 5: Domain Auto-Renewal Scheduled

Certbot automatically adds a renewal cron job:

These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Step 6: Add Trusted Domain to OwnCloud

Edited config.php:

'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'group-d.op-bit.nz',
  ),

File: /var/www/owncloud/config/config.php

Step 7: Edit the Apache SSL config

Opened and edited the virtual host file:

sudo nano /etc/apache2/sites-available/owncloud-le-ssl.conf

Updated content:

<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName group-d.op-bit.nz
  DocumentRoot /var/www/owncloud

  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/group-d.op-bit.nz/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/group-d.op-bit.nz/privkey.pem

  Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
  SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
</IfModule>

Step 8: Enable headers module

sudo a2enmod headers

Step 9: Restart Apache

sudo systemctl restart apache2

Step 10: Final Browser Test

Visited https://group-d.op-bit.nz again. HTTPS works and no warnings are shown.

Step 11: OpenSSL Test

Verified HTTPS configuration with OpenSSL:

openssl s_client -connect group-d.op-bit.nz:443

Confirmed:

  • Verify return code: 0 (ok)

  • Certificate chain includes Let's Encrypt

  • Subject matches your domain
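
The OpenSSL test above confirms the certificate chain, but not the HSTS header, the TLS 1.0/1.1 cut-off from Step 7, or the HTTP-to-HTTPS redirect in the acceptance criteria. The script below is an added example, not part of the original ticket write-up, that checks all three; the function names are hypothetical, the SAMPLE_* headers are constructed, and live mode assumes curl and openssl are installed on the client.

```shell
#!/bin/sh
# Added example (not from the wiki): checks for Steps 7-11. Function names are
# hypothetical; SAMPLE_* headers are constructed, not captured from the server.

# Print the HSTS max-age found in response headers on stdin (nothing if absent).
hsts_max_age() {
  tr -d '\r' | awk 'tolower($0) ~ /^strict-transport-security:/ {
    v = tolower($0)
    if (match(v, /max-age=[0-9]+/)) { print substr(v, RSTART + 8, RLENGTH - 8); exit }
  }'
}

# Succeed only for a 301/302/307/308 whose Location is an https:// URL.
# A 302 to an http:// login page (as in the Step 1 pre-check) does not count.
redirects_to_https() {
  tr -d '\r' | awk '
    NR == 1 && $2 ~ /^30[1278]$/ { redir = 1 }
    tolower($1) == "location:" && $2 ~ /^https:\/\// { https = 1 }
    END { exit (redir && https) ? 0 : 1 }'
}

# Attempt one handshake. $1 = host, $2 = s_client flag (-tls1, -tls1_1, -tls1_2).
# SECLEVEL=0 keeps the local OpenSSL policy from refusing legacy TLS by itself.
# A client built without TLS 1.0/1.1 still fails locally, so use one that has them.
tls_handshake() {
  openssl s_client -connect "$1:443" -servername "$1" "$2" \
    -cipher 'DEFAULT@SECLEVEL=0' </dev/null >/dev/null 2>&1
}

# Live run against a host; prints each failure and returns non-zero if any.
live_check() {
  rc=0
  curl -sI "http://$1/" | redirects_to_https || { echo "FAIL: HTTP not redirected to HTTPS"; rc=1; }
  [ -n "$(curl -sI "https://$1/" | hsts_max_age)" ] || { echo "FAIL: no HSTS max-age"; rc=1; }
  tls_handshake "$1" -tls1_2 || { echo "FAIL: TLS 1.2 handshake failed"; rc=1; }
  for p in -tls1 -tls1_1; do
    if tls_handshake "$1" "$p"; then echo "FAIL: server accepted $p"; rc=1; fi
  done
  return "$rc"
}

SAMPLE_HTTPS='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload'
SAMPLE_PRECHECK='HTTP/1.1 302 Found
Location: http://group-d.op-bit.nz/index.php/login'
SAMPLE_REDIRECT='HTTP/1.1 301 Moved Permanently
Location: https://group-d.op-bit.nz/'

if [ "${1:-}" = "--live" ]; then live_check "$2"; fi
```

Saved under a name of your choice, it runs against the server when called with --live group-d.op-bit.nz; with no arguments it only defines the functions and samples.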

Step 12: Confirm Certificate Expiry Date

sudo certbot certificates

Shows:

Certificate Path: /etc/letsencrypt/live/group-d.op-bit.nz/fullchain.pem
Key Path:         /etc/letsencrypt/live/group-d.op-bit.nz/privkey.pem
Expiration:       2025-08-16


Challenges


External Resources


Ticket Reference

https://rt.dataraster.com/Ticket/Display.html?id=316&results=69fe1023dbf901c5880d937c499a0e81

