When using the <Perl> directive in the apache conf to automatize some site configuration, certbot fails parsing and, in particular, will not renew the certificates (in my case this is for the <Perl> directive, but the issue is more general for any non-supported mod_* plugins, see #9558).
According to the discussion in the bug report, this is not going to change.
So, aside from manually commenting out the configuration, renewing the certificates and uncommenting the relevant conf section, and perhaps making a small script that does that, is there any cleaner way to address this issue?
Thank you, but indeed what I don't know (or better, misunderstood) is the role of the Certbot apache plugin... my dumb idea was that it was needed to automatically collect the information required for the renewal from the apache site configuration, not to write the https parts of the configuration...
Certbot plugins mainly have an authenticator function, where it can take care of processing and serving the ACME challenge, provided by the ACME server. E.g.:
the standalone plugin will spin up an HTTP server on port 80 to serve the challenge;
the webroot plugin will put the challenge token in the specified webroot-path;
and the apache and nginx plugins will somehow modify the webserver configuration to serve the challenge token (both do in different ways I believe).
And with the apache and nginx plugins, their authenticator function will also read the webserver configuration to be able to present the user with a list of possible hostnames to enable HTTPS on.
But some plugins also have an installer feature, such as the apache and nginx plugins. They will read the webserver configuration file, select the relevant HTTP virtual host section and, if the certificate gets successfully issued, use the HTTP vhost section to generate an HTTPS vhost section and, if requested (which is the default I believe), modify the HTTP section to redirect to HTTPS.
So if you don't really need the plugin to generate an HTTPS section for you (i.e., you can write it yourself and add the HTTP to HTTPS redirect yourself etc.) and you don't need the initial list of hostnames selected from the webserver configuration file (e.g., if you already know which hostnames you want to get a certificate for using the -d option), then you might also perhaps just use the webroot plugin.
Also, for Apache you might want to look into mod_md and switch away from Certbot entirely.
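
To see which certificates are affected by the parsing problem discussed above, the following added example (not part of the thread and not Certbot's own code) lists the renewal configs that still name the apache plugin as authenticator or installer. It assumes Certbot's usual layout of one `<lineage>.conf` per certificate with those keys under `[renewalparams]`; the function names, lineage names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report renewal configs that still name the apache plugin.
# Assumes Certbot's renewal layout: <dir>/<lineage>.conf with
# "authenticator = ..." / "installer = ..." under [renewalparams].

# Print "<lineage> <key>" for every authenticator/installer set to apache.
apache_lineages() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        awk -v name="$(basename "$conf" .conf)" '
            # Track whether we are inside [renewalparams]; any other
            # section header (including [[webroot_map]]) ends it.
            /^[ \t]*\[/ { in_params = ($0 ~ /^[ \t]*\[renewalparams\]/); next }
            in_params && /^[ \t]*(authenticator|installer)[ \t]*=/ {
                split($0, kv, "=")
                gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
                if (kv[2] == "apache") print name, kv[1]
            }
        ' "$conf"
    done
}

# Constructed sample data (hypothetical lineages), written to directory $1.
write_sample() {
    printf '%s\n' 'version = 2.1.0' '[renewalparams]' \
        'authenticator = apache' 'installer = apache' > "$1/site-a.test.conf"
    printf '%s\n' 'version = 2.1.0' '[renewalparams]' \
        'authenticator = webroot' 'webroot_path = /var/www/site-b,' \
        '[[webroot_map]]' 'site-b.test = /var/www/site-b' > "$1/site-b.test.conf"
    printf '%s\n' 'version = 2.1.0' '[renewalparams]' \
        'authenticator = webroot' 'installer = apache' > "$1/site-c.test.conf"
}

# Demo on the constructed data; on a real host pass /etc/letsencrypt/renewal.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
apache_lineages "$demo_dir"
rm -rf "$demo_dir"
```

Lineages it prints are the ones to move to the webroot plugin with the `-d` option, as the answer suggests; a lineage that lists only `installer` already authenticates another way but still references the apache plugin.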