Since EAP7.1.0.ER3, there has been added requirement that either ssl-context or security-realm has to be always configured on https-listener. Thus now, when switching between those two, one has to use batch operation for such change, eg.:

batch
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=httpsSSC)
run-batch

We have 3 examples for undefining the security-realm in https-listener in our Security guide doc. Please update those so they use batch operation for this.