I have a test server https://behit-dev.atomik.app and the auto-renew was failing (that's not the issue, see below).
We have Apache listening on ports 80/443 and forwarding to a Tomcat in the back via mod_jk (Working with mod_jk)
The only way the cert renew worked, was by manually removing the configuration on the site*.conf files for the mod_jk that makes Apache talk to Tomcat, that is:
<VirtualHost *:80> ServerAdmin firstname.lastname@example.org ServerName behit-dev.atomik.app ErrorLog /var/log/apache2/domains/behit-dev.atomik.app/error.log CustomLog /var/log/apache2/domains/behit-dev.atomik.app/access.log combined **JkMount /* atomik <<< NEEDED TO COMMENT THIS**
Did the same on the ...le-ssl.conf site file, just commented the JkMount line.
With that the renew worked. Now my question: how can I automate the renewal without manually logging to the server and commenting the site config files?
Of course, after that, I need to uncomment everything manually again.
I don't know the internals of the certbot and the auto-renew process, I just see on my logs that a cron runs daily trying to renew, and some snap stuff. If I can access the script to add something that comments the JkMount line, that would be useful.
Also if you have any tips on how to automatically renew on this context it will be much appreciated, maybe I'm missing something.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot):