Definitely! Not only does SSL protect your passwords, but it stops things you might not expect, like your ISP injecting ads or trackers into your datastream.
Also, having a cracker break into your ownCloud setup gives them a foothold on cracking the rest of your machine. (Stuff like data theft, identity theft, and planting keyloggers etc.) Don't think you're not important enough to attack; there are bots that blanket attack everyone.
I use Apache too; however, its setup is slightly different on FreeBSD compared to Ubuntu. The data within the conf files is the same, but the file locations and file names are different. So don't take the file names or locations I use literally! They should be close, but probably not the same. You should be able to find better guides online that are Ubuntu specific.
Big picture - you need to ensure openssl/libressl is installed, and that Apache can use it. Then create a certificate (self-signed or get one from Let's Encrypt). Then configure your site to use your cert and ssl.
I first install openssl, then mod_ssl (which might be auto-installed on Ubuntu). Check your httpd.conf to ensure the ssl module is enabled. You should have a line that's something like:
LoadModule ssl_module libexec/apache24/mod_ssl.so
There's a second line you'll need to uncomment, something like:
Include etc/apache24/extra/httpd-ssl.conf
That httpd-ssl.conf file is what you update with the settings you got from Mozilla. Most of it you can leave as defaults, but here's what a portion of my httpd-ssl.conf looks like:
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# OCSP Stapling, as per Mozilla's recommendations
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
<VirtualHost _default_:443>
DocumentRoot /usr/local/www/mydomain.tk
ServerName mydomain.tk
ServerAdmin steve@mydomain.tk
ErrorLog "/var/log/httpd-error.log"
TransferLog "/var/log/httpd-access.log"
# HSTS (mod_headers is required) (15768000 seconds = 6 months),
# as per Mozilla's recommendations
Header always set Strict-Transport-Security "max-age=15768000"
SSLEngine on
SSLCertificateFile "/usr/local/etc/letsencrypt/live/mydomain.tk/fullchain.pem"
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/mydomain.tk/privkey.pem"
SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/mydomain.tk/chain.pem"
</VirtualHost>
My cipher suite is bigger than Mozilla's recommendation. That's because I had to add some ciphers because the ownCloud app couldn't connect! Also, you'll notice I'm only allowing TLS 1.2. You should never use sslv2 or sslv3 (they're cracked so bad you may as well not use SSL at all), and while I don't think TLS has been cracked yet, there are theoretical attacks against TLSv1.0 which may become practical without warning.
Also, this will be the default site that your visitors (and you) will be directed to when connecting via https and the domain isn't specified in your vhosts file. (For example, if you connect via IP address.)
And here's a snippet of my vhosts contents:
<VirtualHost *:80>
ServerName mydomain.tk
Redirect permanent / https://mydomain.tk/
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /usr/local/www/mydomain.tk
ServerName mydomain.tk
Header always set Strict-Transport-Security "max-age=15768000"
SSLEngine on
SSLCertificateFile "/usr/local/etc/letsencrypt/live/mydomain.tk/fullchain.pem"
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/mydomain.tk/privkey.pem"
</VirtualHost>
The first virtualhost redirects all non-encrypted connections to the encrypted one. The second virtualhost is my actual encrypted site. This setup gives me an A+ on SSL Labs. Just add an extra virtualhost for each site you want.
I hope this helps you get SSL working! Please ask me again if you have more questions, but you might do better getting advice from someone familiar with Ubuntu.
Your second problem, I can't help with. I've never used the external storage functionality in ownCloud, I have zero experience and knowledge about it. I thought you were mounting an internal HDD, not mounting an external HDD. If you are talking about an internal HDD, then ownCloud's external storage shouldn't come into it at all. If you're talking about an external HDD, disregard my earlier comment about fstab!
I first played with ownCloud version 3.x, which was buggy and crap. I finally switched to ownCloud full time (and away from SpiderOak) around version 5. ownCloud is worth the effort, it really is, but for your own security, please keep trying until you get SSL working!
And once you start, you won't stop learning! Each individual component (the cipher, the protocol, individual or SAN certificates, etc.) is a steep learning curve. Years ago, I managed to get SSL working with self-signed certs, only to be later emailed by the Australian government to tell me to fix my site! Apparently I was vulnerable to POODLE, but I had no idea what the hell that meant! Now I understand it meant I was offering protocols that undermined any security I was trying to implement. (Which is why I explained disabling sslv2 and 3!)
It's much easier to understand and fix a working system than to set one up without any understanding at all. Persevere with SSL, it'll all be worth it.
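
An offline check of the three points made in the post above (legacy protocols disabled, HSTS on every 443 vhost, port 80 redirecting to https), as an added example that is not part of the original post. The sample config is constructed from the directives shown above, and treating `all` as every known protocol version is a conservative assumption, since what `all` expands to depends on the Apache/OpenSSL build.

```python
import re

# Constructed sample, trimmed from the directives shown in the post.
SAMPLE_CONF = """
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
<VirtualHost *:80>
ServerName mydomain.tk
Redirect permanent / https://mydomain.tk/
</VirtualHost>
<VirtualHost *:443>
ServerName mydomain.tk
Header always set Strict-Transport-Security "max-age=15768000"
SSLEngine on
</VirtualHost>
"""

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: "all" is treated as every known version (conservative).
ALL = LEGACY | {"TLSv1.2", "TLSv1.3"}

def enabled_protocols(directive):
    """Resolve an SSLProtocol argument list to the set of enabled versions."""
    enabled = set()
    for tok in directive.split()[1:]:
        name = tok.lstrip("+-")
        names = set(ALL) if name.lower() == "all" else {name}
        if tok.startswith("-"):
            enabled -= names
        elif tok.startswith("+"):
            enabled |= names
        else:
            enabled = names  # a bare name replaces what was set before it
    return enabled

def audit(conf):
    """Return a list of findings; an empty list means all three checks pass."""
    findings = []
    for line in (l.strip() for l in conf.splitlines()):
        if line.lower().startswith("sslprotocol"):
            weak = enabled_protocols(line) & LEGACY
            if weak:
                findings.append("legacy protocols enabled: " + ", ".join(sorted(weak)))
    vhosts = re.findall(r"<VirtualHost\s+[^>]*:(\d+)>(.*?)</VirtualHost>", conf, re.S | re.I)
    for port, body in vhosts:
        if port == "443" and "strict-transport-security" not in body.lower():
            findings.append("443 vhost without HSTS header")
        if port == "80" and not re.search(r"^\s*Redirect\s.*https://", body, re.M | re.I):
            findings.append("port 80 vhost does not redirect to https")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "no findings")
```

Run it against the combined text of your own httpd-ssl.conf and vhosts file; it only reads the text and does not contact the server.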