Upgrade Apache to Latest Version on Ubuntu 20.04
If you’ve been stuck with the same old Apache that shipped with Ubuntu 20.04, this guide will show you how to pull a newer release without breaking your existing sites. We’ll cover three routes – using a trusted PPA, pulling the official Debian backports, or compiling from source – and point out where each one makes sense (or not).
Why the default repo isn’t enough
Ubuntu 20.04 LTS ships Apache 2.4.41. It’s stable, but it misses recent security patches and performance tweaks that appeared in 2.4.54 and later. Running apt list --installed apache2 will confirm you’re on the stock version. If you need features like HTTP/3 support or the latest mod_security rules, you have to go beyond the official repos.
Method 1 – Add the “Ondřej Surý” PPA (the easiest and safest)
The Czech PHP‑Apache guru maintains a well‑tested PPA that carries newer Apache builds for LTS releases. It’s not a hack; it’s used by thousands of servers.
sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/apache2
sudo apt update
sudo apt upgrade apache2
What’s happening?
- software-properties-common gives you the add-apt-repository helper.
- The PPA entry is added to /etc/apt/sources.list.d, so future apt upgrade calls will automatically pull newer Apache packages.
- Running apt upgrade apache2 replaces the old 2.4.41 binaries with the latest version available in that repo (currently 2.4.57).
Gotchas: The PPA tracks the upstream releases closely, but it may lag a few weeks after an official Apache release. Also, because it’s a third‑party source, you should test on a staging box before hitting production.
Method 2 – Use Ubuntu backports (no extra repo)
If you prefer to stay within Canonical’s ecosystem, the focal-backports repository sometimes contains newer Apache builds.
sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse"
sudo apt update
sudo apt -t focal-backports install apache2
Why bother?
Backports are officially maintained, so you get security updates through the normal unattended-upgrades pipeline. The downside is that backported packages are optional and may not be as fresh as the PPA.
Method 3 – Compile from source (for the control freaks)
When you need the absolute newest features or a custom compile‑time flag, pulling the tarball and building it yourself is the way to go. I’ve done this after a driver update broke my kernel modules; same level of patience applies here.
# Install build dependencies
sudo apt install build-essential libpcre3-dev libssl-dev apache2-dev
# Grab the latest source (replace 2.4.58 with whatever is current)
wget https://downloads.apache.org/httpd/httpd-2.4.58.tar.gz
tar xzf httpd-2.4.58.tar.gz
cd httpd-2.4.58
# Configure – enable modules you actually need
./configure --enable-so --enable-ssl --with-mpm=event --enable-rewrite
make -j$(nproc)
sudo make install
What to watch out for:
Compiling installs Apache under /usr/local/apache2 by default, so it won’t clash with the distro package but also won’t be managed by apt. You’ll need to set up your own systemd service file and handle updates manually. If you’re not comfortable maintaining a custom binary, stick with one of the repository methods.
Switching back if something goes south
Mistakes happen – I once upgraded via the PPA only to discover a third‑party module refused to load. The quickest rollback is:
sudo apt install apache2=2.4.41-4ubuntu3.9 # exact version from Ubuntu repo
sudo apt-mark hold apache2 # prevent accidental upgrades
Replace the version string with whatever your original package was. Holding the package stops apt upgrade from pulling the newer one again.
That’s it. Pick the route that matches your risk tolerance, run the commands, and give Apache a fresh coat of paint.
