Thanks for sharing back!
Note: RedHat and only if one had mod_lua installed/enabled. Fix was simple - unload mod_lua and restart apache services.
For others ... the RedHat Family (RHF) and distros that used to be based upon RHF (like CentOS) has changed. While CentOS continues on with 8 they are not in the same relationship they used to be with RH. And, there now alternatives to CentOS - Rocky and Alma.
Matter of fact, am working with an OP that host on ImotionHosting with a robust setup (WHM/cPanels) and one of the servers is still CentOS 7 but they offer an option to upgrade to Alma Linux ... in place and it's a one button click!
OP has done one of the 2 servers OP runs and appears to have worked well. Let's hope that's true of the second when OP pulls the trigger on that one!
But, good to know that RH has mod_lua enabled by default and the fix.
Many moons ago, I was like a kid in a candy store ... loaded up servers with a lot of bells and whistles to see that they could do/learn 'em, but as time went along and more and more 'black hats' messed with servers, decided it best to reduce the attack surface ... run only what one needs to run the apps - like Moodle.
Since then, have also started to look at what one can do with firewalls and addons for security ... one that has been around for a while, mod_evasive, is proving to help given the state of 'wild west' internet and 'script kiddies'.
'SoS', Ken