This is an old revision of the document!


Apache

SSL

Newer versions of apache2 require the certificate chain in a single file, no longer in separate files:

cat  /etc/apache2/ssl/cert.crt /etc/apache2/ssl/intermediate.crt > /etc/apache2/ssl/chain.crt

Common SSL-Cert config for all vhosts in 000-default:

# cert-file:
# SSLCertificateFile /etc/apache2/ssl/cert.crt
# replaced by chain-file:
SSLCertificateFile /etc/apache2/ssl/chain.crt
# the selfmade private key file associated with the certificate
# generated via $ openssl genrsa -out domain.privatekey 2048
# CSR - Certificate Signing Request - for this private key was generated via
# $ openssl req -new -key domain.privatekey -out domain.csr  # uploaded to cert registry
SSLCertificateKeyFile /etc/apache2/ssl/domain.privatekey
# DEPRECATED:
# now SSLCertificateFile contains the chain of rapidssl-intermediate and domain crt - see above!
# SSLCertificateChainFile /etc/apache2/ssl/rapidssl_intermediate.crt

Check your certs:

Cert trusted by CA?

openssl verify -CAfile intermediate.crt cert.crt

Private key matches the certificate? Both commands should return the same value:

openssl x509 -noout -modulus -in certificate.crt
openssl rsa -noout -modulus -in private.key

PHP-FPM

Use php-fpm for better performance and better security: run each domain in its own “pool”, with processes running as a separate user per pool. This way you also have fewer permission problems with sftp.

apt-get install apache2 libapache2-mod-fastcgi php5-fpm
a2enmod actions

cp /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.backup

mcedit /etc/apache2/mods-enabled/fastcgi.conf

<IfModule mod_fastcgi.c>
  AddType application/x-httpd-fastphp5 .php
  Action application/x-httpd-fastphp5 /php5-fcgi
  Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
  FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization
  <Directory /usr/lib/cgi-bin>
      Require all granted
  </Directory>
</IfModule>

apache2ctl configtest
/etc/init.d/apache2 restart

Check that a php-fpm “www” pool process is running.

Now configure a pool for each domain/vhost:

cd /etc/php5/fpm/pool.d/
cp www.conf user1.conf
cp www.conf user2.conf

Replace all occurrences of “www” in each new pool file (user1.conf, user2.conf).

/etc/init.d/php5-fpm restart

You need to edit your vhosts to use the new pool. Replace USERNAME with the pool name you just created and VHOSTNAME with a different name in each vhost:

<VirtualHost *:80>
...
  <IfModule mod_fastcgi.c>
      Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi-${USERNAME}-VHOSTNAME
      FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi-${USERNAME}-VHOSTNAME -socket /var/run/php5-fpm-${USERNAME}.sock -pass-header Authorization
  </IfModule>
...

The username must be an existing user on the system, e.g.:

adduser --disabled-login USERNAME
adduser www-data USERNAME
mkdir /var/www/USERNAME
chown -R USERNAME:USERNAME /var/www/USERNAME
chmod 750 /var/www/USERNAME
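
One way to script the pool-file step above, as an added example (not part of the original page): it rewrites only the pool name, the process user/group and the socket path, so the pool listens on the same /var/run/php5-fpm-USERNAME.sock that the vhost's -socket option points to. The sample www.conf is constructed and abbreviated; leaving listen.owner/listen.group as www-data so that Apache can still connect to the socket is an assumption about the stock template.

```shell
#!/bin/sh
# Added example: derive a per-user php5-fpm pool file from the www.conf template.
# Assumption: the template uses the directives [www], user, group, listen.

# make_pool USERNAME -- reads www.conf on stdin, writes the user's pool on stdout
make_pool() {
    pool_user=$1
    # Reject names that could alter the socket path or inject extra directives.
    case $pool_user in
        ''|*[!a-z0-9_-]*) echo "invalid username: $pool_user" >&2; return 1 ;;
    esac
    # "^listen *=" does not match listen.owner / listen.group / listen.mode,
    # so the socket stays accessible to the web server account.
    sed -e "s|^\[www]|[$pool_user]|" \
        -e "s|^user *=.*|user = $pool_user|" \
        -e "s|^group *=.*|group = $pool_user|" \
        -e "s|^listen *=.*|listen = /var/run/php5-fpm-$pool_user.sock|"
}

# pool_socket -- print the socket path that a pool file (stdin) listens on,
# for comparison with the -socket value in the matching vhost
pool_socket() {
    sed -n 's|^listen *= *||p'
}

# Constructed, abbreviated stand-in for /etc/php5/fpm/pool.d/www.conf
sample_template() {
    cat <<'EOF'
[www]
user = www-data
group = www-data
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = dynamic
EOF
}

# Demo on the constructed template; on a real host:
#   make_pool user1 < www.conf > user1.conf
sample_template | make_pool user1
```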

linux/webserver/apache.1474231851.txt.gz · Last modified: 2016/09/18 22:50 by tkilla