I would bet that the box is suffering from a hack. Do a:
netstat -lnp
And see what is running on port 443. I would bet that it’s not apache. You need to kill the process using 443 and then investigate how they got in and close the hole. The hole is usually an outdated web app (phpbb, phpnuke etc).
This usually happens when an a worm, usually a php based one that gets in via an old version of phpBB, or postnuke, or some script like that.
First I’d run this command to see what process is hanging onto port 443 and preventing the restart from working:
netstat -lnp | grep 443
the PID of the process will be listed there, and you can kill it directly
kill -9 <pid here>
You may have to repeat this a couple times if there are multiple processes.
Once you get apache back up, you need to figure out where the worm/hacker is getting in. This can be difficult, but the places to look for evidence of the worm or hacker are
/tmp/
/var/tmp/
/dev/shm/ (look for strange files or directories in these directories)
/var/log/httpd/error_log (sometimes you’ll see output of “wget” in here)
and finally the transfer logs for the sites, which are in /home//var//logs/transfer.log files