Test all your server ports that are in some way being served via SSL, not only the HTTPS 443 port: every service that is using OpenSSL are potentially vulnerable, not only Apache. These include 993 (POP3/SSL), 995 (POP3/SSL) or 465 (SMTP/SSL). You must test all SSL ports, even if you don’t have a valid SSL certificate (i.e. are using a self signed certificate), as the information leaked could be anything, not only private keys – use the “Advanced (might cause false results): ignore certificates” option to test if your SSL certificate is invalid. Also, don’t forget other non-standard ports, often used by control panels such as Plesk or CPanel.