I successfully set up everything with the recommended way of the external apache2 and SSL. My only problem: I cannot renew my cert because GitLab will return a 404.
What I tried in my vhost file:
RewriteCond %{REQUEST_URI} !^./.well-known/.$ [NC]
before the RewriteRule line in the http and the https part, but still no luck.
My Apache rewrite howto is a bit rusty, but the final part of your condition seems a bit too strict. It ends with a dot, in this case it doesn’t matter whether that is a literal dot (".") or is used as a regex (which would be any symbol). And after that you have the end of the URI. Also, not sure whether the dot after the “^” is helping. I would try:
!^/.well-known/.*$ as the file in .well-known has some other path elements and hopefully matches the actual path that the file is in.
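Added example, not part of either post: a small Python model of how a negated RewriteCond on %{REQUEST_URI} decides whether the following RewriteRule sends a request on to GitLab, run against the original pattern, the suggested one, and a variant with the dot escaped (added here). It assumes the renewal uses an ACME HTTP-01 challenge file under /.well-known/acme-challenge/, that this is the only condition in front of the rule, and that Python's re behaves like Apache's PCRE for these simple patterns; the sample paths and function names are constructed.

```python
import re

# Constructed sample request paths (not taken from the thread).
SAMPLE_URIS = [
    "/.well-known/acme-challenge/constructed-token",  # assumed HTTP-01 file
    "/.well-known/",                                   # bare directory
    "/group/project",                                  # ordinary GitLab page
    "/xwell-known/file",                               # shows the unescaped dot
]

# CondPatterns from the thread, plus a stricter variant added for comparison.
PATTERNS = {
    "original": r"!^./.well-known/.$",
    "suggested": r"!^/.well-known/.*$",
    "escaped": r"!^/\.well-known/",
}


def cond_is_true(cond_pattern: str, uri: str, nocase: bool = True) -> bool:
    """Evaluate one RewriteCond against %{REQUEST_URI}.

    A leading '!' negates the match, as in mod_rewrite; nocase models [NC].
    """
    negate = cond_pattern.startswith("!")
    regex = cond_pattern[1:] if negate else cond_pattern
    matched = re.search(regex, uri, re.IGNORECASE if nocase else 0) is not None
    return matched != negate


def forwarded_to_gitlab(cond_pattern: str, uri: str) -> bool:
    """True when the condition holds, so the following RewriteRule fires."""
    return cond_is_true(cond_pattern, uri)


def evaluate_all() -> dict:
    """Map each pattern name to {uri: forwarded?} for the sample paths."""
    return {
        name: {uri: forwarded_to_gitlab(pat, uri) for uri in SAMPLE_URIS}
        for name, pat in PATTERNS.items()
    }


if __name__ == "__main__":
    for name, rows in evaluate_all().items():
        print(f"{name}: {PATTERNS[name]}")
        for uri, forwarded in rows.items():
            target = "GitLab (rewritten)" if forwarded else "Apache (served locally)"
            print(f"  {uri:48} -> {target}")
```

The original pattern never matches a path that starts with "/", so every request is still rewritten; the suggested pattern exempts the challenge path but, with the dot unescaped, also exempts "/xwell-known/file".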