How to Upgrade Apache on Ubuntu (24.04, 22.04)

Apache HTTP Server is the foundation of countless Ubuntu web deployments, from personal WordPress sites to production application servers. Ubuntu’s default repositories ship stable but dated Apache builds, while Ondrej Sury’s PPA tracks upstream releases closely and delivers current versions with the latest security patches. Upgrading Apache on Ubuntu through this PPA gives you access to newer features, HTTP/2 improvements, and vulnerability fixes months ahead of the default package channel.

Ubuntu 24.04 LTS includes Apache 2.4.58 and Ubuntu 22.04 LTS ships Apache 2.4.52 from default repositories. The Ondrej Sury PPA currently provides Apache 2.4.66 for both releases, bringing TLS 1.3 refinements, mod_http2 fixes, and security patches that have not reached the default Ubuntu packages yet. This guide walks through importing the PPA, upgrading Apache, verifying the new build, and rolling back to Ubuntu’s default version if needed.

Default Apache Versions by Ubuntu Release

Ubuntu ships different Apache versions depending on the LTS release. Knowing your baseline helps confirm the PPA delivers a newer build and provides context for rollback decisions.

Ubuntu Release	Default Apache	Ondrej PPA Apache
Ubuntu 24.04 LTS	Apache 2.4.58	Apache 2.4.66
Ubuntu 22.04 LTS	Apache 2.4.52	Apache 2.4.66

The Ondrej Sury PPA does not yet publish packages for Ubuntu 26.04 LTS (Resolute Raccoon). This guide will be updated to include 26.04 once PPA support becomes available. All commands below apply to Ubuntu 24.04 and 22.04 LTS.

Check the Current Apache Version on Ubuntu

Before modifying repositories, check which Apache release is currently installed:

apache2 -v

The output shows the installed Apache version and build date:

Server version: Apache/2.4.58 (Ubuntu)
Server built:   2024-12-19T11:45:26

The apt-cache policy command reports which repositories supply the apache2 package so you can verify whether the PPA adds a newer build after importing it:

apt-cache policy apache2

On Ubuntu 24.04 LTS, default repository output looks like this:

apache2:
  Installed: 2.4.58-1ubuntu8.10
  Candidate: 2.4.58-1ubuntu8.10
  Version table:
 *** 2.4.58-1ubuntu8.10 500
        500 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu noble-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.4.58-1ubuntu8 500
        500 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages

If Apache is not installed, these commands return “command not found” or show no installed version, which is expected. You can install Apache directly after importing the PPA.

Update Ubuntu System Packages Before Upgrading Apache

Refresh APT’s package index and apply pending updates to avoid dependency conflicts during the Apache upgrade.

sudo apt update && sudo apt upgrade

If your Ubuntu user account does not have sudo privileges, follow this guide to add a user to sudoers on Ubuntu before continuing.

Import the Ondrej Apache PPA on Ubuntu

Ondrej Sury is a long-time Debian and Ubuntu contributor who maintains PPAs that track upstream Apache, PHP, and Nginx releases. His Apache PPA on Launchpad delivers current builds long before Ubuntu’s default channels update. Install the repository helper tool, then import the PPA:

sudo apt install software-properties-common -y

The software-properties-common package provides the add-apt-repository command, which handles GPG key import and source list creation automatically. Import the PPA:

sudo add-apt-repository ppa:ondrej/apache2 -y

Back up /etc/apache2 before upgrading, especially if you rely on third-party modules or custom MPM settings. The PPA replaces core Apache binaries and modules, which can affect configurations built against the previous ABI.

Upgrade Apache to the Latest Version on Ubuntu

After importing the PPA, refresh the package lists to pick up the new source, then install or upgrade Apache. Running apt install apache2 upgrades an existing installation to the PPA version while pulling in updated dependencies. For a fresh setup, see the full Apache installation guide on Ubuntu.

sudo apt update
sudo apt install apache2

Verify the Apache Upgrade and Configuration

Run a syntax check to confirm existing virtual hosts and modules are compatible with the upgraded Apache build:

sudo apachectl configtest

Syntax OK

If the syntax check passes, restart Apache to load the new binaries:

sudo systemctl restart apache2

Verify the service is running and review recent startup messages for module or virtual host errors:

sudo systemctl status apache2

● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled)
     Active: active (running) since Mon 2025-06-16 10:15:32 UTC; 2s ago
       Docs: https://httpd.apache.org/docs/2.4/
   Main PID: 12847 (apache2)
      Tasks: 55 (limit: 4558)
     Memory: 12.4M
        CPU: 142ms
     CGroup: /system.slice/apache2.service
             ├─12847 /usr/sbin/apache2 -k start
             ├─12848 /usr/sbin/apache2 -k start
             └─12849 /usr/sbin/apache2 -k start

Confirm the upgrade succeeded by checking the installed version. The output should reference the PPA build:

apache2 -v

Server version: Apache/2.4.66 (Ubuntu)
Server built:   2025-12-05T10:45:12

Verify the package source now points to the Ondrej Sury PPA:

apt-cache policy apache2

On Ubuntu 24.04 LTS, the policy output confirms the PPA is the active source:

apache2:
  Installed: 2.4.66-1+ubuntu24.04.1+deb.sury.org+3
  Candidate: 2.4.66-1+ubuntu24.04.1+deb.sury.org+3
  Version table:
 *** 2.4.66-1+ubuntu24.04.1+deb.sury.org+3 500
        500 https://ppa.launchpadcontent.net/ondrej/apache2/ubuntu noble/main amd64 Packages
        100 /var/lib/dpkg/status
     2.4.58-1ubuntu8.10 500
        500 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages

On Ubuntu 22.04 LTS, the installed version reads 2.4.66-1+ubuntu22.04.1+deb.sury.org+3 and the default candidate shows 2.4.52-1ubuntu4.18 from jammy-updates. The PPA version is identical across both LTS releases.

Restore the Default Ubuntu Apache Version

If you need to revert to the standard Ubuntu Apache build, ppa-purge removes the PPA packages and reinstalls Ubuntu’s default version in one step. Stop Apache before the downgrade to avoid file conflicts:

sudo systemctl stop apache2
sudo apt install ppa-purge -y

Purge the PPA and restore the default packages:

sudo ppa-purge ppa:ondrej/apache2

Start Apache with the restored Ubuntu build and confirm it is active:

sudo systemctl start apache2
sudo systemctl status apache2

● apache2.service - The Apache HTTP Server
     Active: active (running) since Mon 2025-06-16 11:12:04 UTC; 5s ago
   Main PID: 17842 (apache2)
        CPU: 62ms

Verify the version matches Ubuntu’s default repository:

apache2 -v

Server version: Apache/2.4.58 (Ubuntu)
Server built:   2024-12-19T11:45:26

Apache is now running the Ubuntu-maintained build. You can re-import the PPA later by repeating the steps above. For more PPA management options, see how to remove a PPA from Ubuntu.

Troubleshoot Apache Upgrade Issues on Ubuntu

If Apache fails to start or the PPA import encounters errors, work through these checks before rolling back. Each subsection covers common symptoms, diagnostic commands, and verified fixes.

Fix PPA Import or APT Update Failures

Repository timeouts and authentication errors usually trace back to network problems, stale cached data, or partially imported keys. Verify the Launchpad mirror is reachable using curl:

curl -I https://ppa.launchpadcontent.net/ondrej/apache2/ubuntu/dists/$(lsb_release -cs)/Release

A healthy connection returns an HTTP 200 header:

HTTP/1.1 200 OK
Content-Length: 209
Content-Type: text/plain

If the request times out or shows TLS errors, reinstall the certificate packages:

sudo apt install --reinstall ca-certificates software-properties-common

When apt update shows a NO_PUBKEY warning, remove and re-add the PPA so the GPG key is re-imported automatically:

sudo add-apt-repository --remove ppa:ondrej/apache2
sudo add-apt-repository ppa:ondrej/apache2
sudo apt update

A NO_PUBKEY failure during apt update looks like this:

Err:7 https://ppa.launchpadcontent.net/ondrej/apache2/ubuntu noble InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E5267A6C

On proxy-bound servers, set the proxy variables before adding the PPA: export http_proxy=http://proxy:3128 and export https_proxy=http://proxy:3128. Remove them after the repository import succeeds.

Resolve Apache Module ABI or Configuration Failures

Major Apache version bumps can break modules compiled against the old binary interface (ABI). List every enabled module to identify custom entries that may need updating:

sudo apachectl -M | sort

When a module throws errors, disable it, reload Apache, and install the updated package from the PPA:

sudo a2dismod php8.1
sudo systemctl reload apache2
sudo apt install libapache2-mod-php8.3
sudo a2enmod php8.3
sudo apachectl configtest

A failing module surfaces in apachectl configtest output:

apache2: Syntax error on line 146 of /etc/apache2/apache2.conf: 
Cannot load /usr/lib/apache2/modules/libphp8.1.so into server: undefined symbol: unixd_config

Disable the module referenced in the error, reinstall the updated version from the PPA, and only re-enable it after configtest reports Syntax OK.

Debug Apache Service Start Errors

Systemd status checks reveal permission problems, missing files, or syntax issues. Capture the status output and recent journal entries:

sudo systemctl status apache2 --no-pager
sudo journalctl -u apache2 -n 50 --no-pager
sudo tail -n 50 /var/log/apache2/error.log

A failed restart caused by a typo in a virtual host configuration looks like this:

Jun 16 16:11:07 web01 apachectl[10947]: AH00526: Syntax error on line 12 of /etc/apache2/sites-enabled/example.conf:
Jun 16 16:11:07 web01 apachectl[10947]: Invalid command '<VirutalHost', perhaps misspelled or defined by a module not included in the server configuration

Open the referenced file, fix the typo, rerun sudo apachectl configtest, and start Apache again:

sudo nano /etc/apache2/sites-enabled/example.conf
sudo apachectl configtest
sudo systemctl start apache2

Detect Port Conflicts After the Apache Upgrade

Apache cannot bind to ports 80 or 443 when another service already occupies those sockets. Identify the conflicting process:

sudo ss -tulpn | grep -E ':(80|443)'

Example output showing Nginx occupying both ports:

tcp   LISTEN 0 511 0.0.0.0:80    0.0.0.0:*    users:(("nginx",pid=2214,fd=6))
tcp   LISTEN 0 511 0.0.0.0:443   0.0.0.0:*    users:(("nginx",pid=2214,fd=7))

Stop or reconfigure the conflicting service before retrying Apache:

sudo systemctl stop nginx
sudo systemctl disable nginx
sudo systemctl start apache2

Alternatively, adjust Apache to listen on different ports by editing /etc/apache2/ports.conf and the affected virtual host files.

Recover from Broken Apache Package Upgrades

A cancelled upgrade or dependency mismatch can leave Apache in a half-configured state. APT’s repair commands clean up pending package actions:

sudo apt --fix-broken install
sudo dpkg -l | grep apache2

Reinstall any package marked as installed but missing files, then rerun the configuration test:

sudo apt install --reinstall apache2 apache2-bin apache2-data
sudo apachectl configtest
sudo systemctl restart apache2

If APT reports held packages, clear them and attempt the upgrade again:

sudo apt-mark unhold apache2 apache2-bin
sudo apt full-upgrade

These steps return Apache to a consistent state so future upgrades and module installations apply cleanly.

FAQ: Upgrading Apache on Ubuntu

Conclusion

Upgrading Apache on Ubuntu through Ondrej Sury’s PPA delivers current upstream builds with security patches, HTTP/2 refinements, and module updates ahead of the default package channel. The process covers version verification, configuration checks, and a clean rollback path using ppa-purge so you can test new releases confidently. For automatic security updates, configure unattended upgrades on Ubuntu, secure your web server with UFW firewall rules, and consider adding ModSecurity with Apache on Ubuntu for application-layer protection.