SUCCESS!

I was able to retrieve the private key. But it wasn't easy. Here's what you need to do:

1. Make sure you do not restart the server or Apache. The game is over at that point. That also means making sure that no monitoring services restart Apache.
2. Grab this file - source code for a tool named passe-partout.

3. Extract the source code and adjust line 9 of Makefile.main to read:

   $(CC) $(CFLAGS) -o $@ $(OBJS) $(LDFLAGS)
   

   (Notice that the $(OBJS) and $(LDFLAGS) are reversed in order.)

4. Run ./build.sh.

5. Grab the PID of Apache using:

   service apache2 status
   

6. Run the passe-partout command as root:

   sudo passe-partout [PID]
   

   ...where [PID] is the value you retrieved in step #5.

7. If the program succeeds, your current directory will have a bunch of extra keys:

   you@server:~# ls
   id_rsa-0.key  id_rsa-1.key  id_rsa-2.key
   

If all went well (and hopefully it did), one of those keys is the one you need. However, if you had more than one certificate/keyfile in use, then you need to figure out which one it is. Here's how you do that:

First grab a copy of the certificate that matches the signed key. Assuming the file is named server.crt, run the following command:

openssl x509 -noout -modulus -in server.crt | openssl md5

This will output a value that you will need to match against each of the keys. For each key, run the following command:

openssl rsa -noout -modulus -in id_rsa-0.key | openssl md5

If one of them matches, you've found the key.

_{Credit: this article pointed me to passe-partout.}