after installing (and setting to default) Apache2 I was not able to visit any of my websites - always err 403.
I had to set Directory / to "Require all granted" in http.conf. I would consider this a security risks and not the way it is supposed to be configured.
Can you tell me, why this happens after an "upgrade" from apache? I know, the apache syntax changed in version 2.4 but i assume you tested an upgrade scenario and I also assume it worked in your labs.
So there has to be any difference between your configs/vhosts and mine.
----------------------- Don't you dare to ask for root details!