diff --git a/data/etc/apache2/conf-available/freedombox-tls-site-macro.conf b/data/etc/apache2/conf-available/freedombox-tls-site-macro.conf
index 9f8389408..0eecd13ed 100644
--- a/data/etc/apache2/conf-available/freedombox-tls-site-macro.conf
+++ b/data/etc/apache2/conf-available/freedombox-tls-site-macro.conf
@@ -7,9 +7,6 @@
             ServerName $domain
             DocumentRoot /var/www/html
 
-            ErrorLog ${APACHE_LOG_DIR}/error.log
-            CustomLog ${APACHE_LOG_DIR}/access.log combined
-
             SSLEngine on
 
             # Disable TLS1.1 and below. Client support: Firefox: 27, Android:
diff --git a/data/etc/apache2/conf-available/freedombox.conf b/data/etc/apache2/conf-available/freedombox.conf
index d493cc0de..95023151d 100644
--- a/data/etc/apache2/conf-available/freedombox.conf
+++ b/data/etc/apache2/conf-available/freedombox.conf
@@ -145,4 +145,7 @@ RedirectMatch "^/$" "/plinth"
 ##   journalctl --identifier apache-error --output cat > error.log
 ##
 ErrorLog "|/usr/bin/systemd-cat --identifier=apache-error"
+# Remove timestamp at the beginning from the default log format. journald
+# records its own timestamp.
+ErrorLogFormat "[%-m:%l] [pid %P:tid %{g}T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"
 CustomLog "|/usr/bin/systemd-cat --identifier=apache-access" vhost_combined
diff --git a/plinth/modules/apache/__init__.py b/plinth/modules/apache/__init__.py
index 9d78c1e99..c0dffcae3 100644
--- a/plinth/modules/apache/__init__.py
+++ b/plinth/modules/apache/__init__.py
@@ -21,7 +21,7 @@ class ApacheApp(app_module.App):
 
     app_id = 'apache'
 
-    _version = 10
+    _version = 11
 
     def __init__(self):
         """Create components for the app."""
diff --git a/plinth/modules/apache/data/etc/fail2ban/jail.d/apache-auth-freedombox.conf b/plinth/modules/apache/data/etc/fail2ban/jail.d/apache-auth-freedombox.conf
index 9e20fb6dc..25a0c8335 100644
--- a/plinth/modules/apache/data/etc/fail2ban/jail.d/apache-auth-freedombox.conf
+++ b/plinth/modules/apache/data/etc/fail2ban/jail.d/apache-auth-freedombox.conf
@@ -1,3 +1,6 @@
 [apache-auth]
 enabled = true
-backend = auto
+# Tweak the filter regex to work with journal format. Use apache-error as the
+# syslog facility
+filter = apache-auth[logtype="journal",logging="syslog",_daemon="apache-error"]
+journalmatch = SYSLOG_IDENTIFIER=apache-error
diff --git a/plinth/modules/apache/privileged.py b/plinth/modules/apache/privileged.py
index 3e0f35e26..812df5c1f 100644
--- a/plinth/modules/apache/privileged.py
+++ b/plinth/modules/apache/privileged.py
@@ -89,6 +89,9 @@ def setup(old_version: int):
         webserver.enable('rewrite', kind='module')
         webserver.enable('macro', kind='module')
 
+        # Disable logging into files, use FreedomBox configured systemd logging
+        webserver.disable('other-vhosts-access-log', kind='config')
+
         # Disable /server-status page to avoid leaking private info.
         webserver.disable('status', kind='module')