diff --git a/certbot-apache/certbot_apache/configurator.py b/certbot-apache/certbot_apache/configurator.py
index 3b91617e5..8d6995211 100644
--- a/certbot-apache/certbot_apache/configurator.py
+++ b/certbot-apache/certbot_apache/configurator.py
@@ -776,7 +776,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
 
         for listen in listens:
             # For any listen statement, check if the machine also listens on
-            # Port 443. If not, add such a listen statement.
+            # the given port. If not, add such a listen statement.
             if len(listen.split(":")) == 1:
                 # Its listening to all interfaces
                 if port not in listen_dirs and port_service not in listen_dirs:
diff --git a/certbot-apache/certbot_apache/http_01.py b/certbot-apache/certbot_apache/http_01.py
index 9c25b1f17..804644975 100644
--- a/certbot-apache/certbot_apache/http_01.py
+++ b/certbot-apache/certbot_apache/http_01.py
@@ -65,8 +65,14 @@ Alias /.well-known/acme-challenge {0}
         """Make sure that we have the needed modules available for http01"""
 
         if self.configurator.conf("handle-modules"):
-            if "alias_module" not in self.configurator.parser.modules:
-                self.configurator.enable_mod("alias", temp=True)
+            needed_modules = ["alias"]
+            if self.configurator.version < (2, 4):
+                needed_modules.append("authz_host")
+            else:
+                needed_modules.append("authz_core")
+            for mod in needed_modules:
+                if mod + "_module" not in self.configurator.parser.modules:
+                    self.configurator.enable_mod(mod, temp=True)
 
     def _mod_config(self):
         self.configurator.parser.add_include(
diff --git a/certbot-apache/certbot_apache/override_debian.py b/certbot-apache/certbot_apache/override_debian.py
index 6e2e34ba9..02dffc3f7 100644
--- a/certbot-apache/certbot_apache/override_debian.py
+++ b/certbot-apache/certbot_apache/override_debian.py
@@ -140,5 +140,5 @@ class DebianConfigurator(configurator.ApacheConfigurator):
                 "a2dismod are configured correctly for certbot.")
 
         self.reverter.register_undo_command(
-            temp, [self.conf("dismod"), mod_name])
+            temp, [self.conf("dismod"), "-f", mod_name])
         util.run_script([self.conf("enmod"), mod_name])
diff --git a/certbot-apache/certbot_apache/tests/http_01_test.py b/certbot-apache/certbot_apache/tests/http_01_test.py
index f52b9d0cc..4e2a5faff 100644
--- a/certbot-apache/certbot_apache/tests/http_01_test.py
+++ b/certbot-apache/certbot_apache/tests/http_01_test.py
@@ -40,7 +40,6 @@ class ApacheHttp01Test(util.ApacheTest):
 
     def setUp(self, *args, **kwargs):
         super(ApacheHttp01Test, self).setUp(*args, **kwargs)
-        self.maxDiff = None
 
         self.account_key = self.rsa512jwk
         self.achalls = []
@@ -53,21 +52,51 @@ class ApacheHttp01Test(util.ApacheTest):
                     domain="example{0}.com".format(i),
                     account_key=self.account_key))
 
+        modules = ["alias", "authz_core", "authz_host"]
+        for mod in modules:
+            self.config.parser.modules.add("mod_{0}.c".format(mod))
+            self.config.parser.modules.add(mod + "_module")
+
         from certbot_apache.http_01 import ApacheHttp01
-        self.config.parser.modules.add("mod_alias.c")
-        self.config.parser.modules.add("alias_module")
         self.http = ApacheHttp01(self.config)
 
     def test_empty_perform(self):
         self.assertFalse(self.http.perform())
 
     @mock.patch("certbot_apache.configurator.ApacheConfigurator.enable_mod")
-    def test_add_alias_module(self, mock_enmod):
+    def test_enable_modules_22(self, mock_enmod):
+        self.config.version = (2, 2)
+        self.config.parser.modules.remove("authz_host_module")
+        self.config.parser.modules.remove("mod_authz_host.c")
+
+        enmod_calls = self.common_enable_modules_test(mock_enmod)
+        self.assertEqual(enmod_calls[0][0][0], "authz_host")
+
+    @mock.patch("certbot_apache.configurator.ApacheConfigurator.enable_mod")
+    def test_enable_modules_24(self, mock_enmod):
+        self.config.parser.modules.remove("authz_core_module")
+        self.config.parser.modules.remove("mod_authz_core.c")
+
+        enmod_calls = self.common_enable_modules_test(mock_enmod)
+        self.assertEqual(enmod_calls[0][0][0], "authz_core")
+
+    def common_enable_modules_test(self, mock_enmod):
+        """Tests enabling mod_alias and other modules."""
         self.config.parser.modules.remove("alias_module")
         self.config.parser.modules.remove("mod_alias.c")
+
         self.http.prepare_http01_modules()
+
         self.assertTrue(mock_enmod.called)
-        self.assertEqual(mock_enmod.call_args[0][0], "alias")
+        calls = mock_enmod.call_args_list
+        other_calls = []
+        for call in calls:
+            if "alias" != call[0][0]:
+                other_calls.append(call)
+
+        # If these lists are equal, we never enabled mod_alias
+        self.assertNotEqual(calls, other_calls)
+        return other_calls
 
     def common_perform_test(self, achalls):
         """Tests perform with the given achalls."""
diff --git a/certbot-apache/certbot_apache/tests/util.py b/certbot-apache/certbot_apache/tests/util.py
index 8f5162629..1ba1e2c34 100644
--- a/certbot-apache/certbot_apache/tests/util.py
+++ b/certbot-apache/certbot_apache/tests/util.py
@@ -103,7 +103,7 @@ def get_apache_configurator(  # pylint: disable=too-many-arguments, too-many-loc
         apache_challenge_location=config_path,
         backup_dir=backups,
         config_dir=config_dir,
-        http01_port="80",
+        http01_port=80,
         temp_checkpoint_dir=os.path.join(work_dir, "temp_checkpoints"),
         in_progress_dir=os.path.join(backups, "IN_PROGRESS"),
         work_dir=work_dir)