LetsEncrypt certificates fail in domain validation

I had the same issue, but, unfortunately, pmatos’s solution didn’t work for me. I’m using Gitlab from docker image gitlab/gitlab-ce:11.3.3-ce.0.

In my case the main reason for the error Validation failed for domain was the fact that during the validation process certbot puts a special file into the directory /var/opt/gitlab/nginx/www/.well-known/acme-challenge/; in my case it was something like:

/var/opt/gitlab/nginx/www/.well-known/acme-challenge/V0kLCyM7gI7q5LNxir0iIL2dSM0RimDgx91MtuBgbf9

Then Letsencrypt tries to request the file http://example.com/.well-known/acme-challenge/V0kLCyM7gI7q5LNxir0iIL2dSM0RimDgx91MtuBgbf9, but in my case this file wasn’t accessible via http!

To solve this issue I added the following line to /etc/gitlab/gitlab.rb:

nginx['custom_gitlab_server_config'] = "location /.well-known/acme-challenge/ {\n root /var/opt/gitlab/nginx/www/; \n}\n"

This makes files in the directory /var/opt/gitlab/nginx/www/.well-known/acme-challenge/ accessible via http.

Also I had to temporarily turn off https:

letsencrypt['enable'] = false

(with letsencrypt enabled my docker container couldn’t start; once the container had started without letsencrypt support, I turned this option back on).

Also I removed all old certificates from /etc/gitlab/ssl/.

Then I started the docker container and ran:

gitlab-ctl renew-le-certs

New certificates successfully appeared in /etc/gitlab/ssl/. Then I ran:

gitlab-ctl reconfigure

Eventually Gitlab started successfully!

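The failure described in this post is reproducible before running gitlab-ctl renew-le-certs: if a file dropped into the nginx webroot is not served back over plain HTTP at /.well-known/acme-challenge/, the HTTP-01 validation cannot succeed. The following pre-flight check is an added example, not code from the post or from GitLab; it writes a random token file into the challenge directory, fetches it through the same URL the CA would use, and removes the file again. The webroot path and base URL are parameters (the defaults are the paths from the post, and example.com stands in for the real hostname); the fetcher is injectable so the logic can be exercised offline, and webroot_fetcher/not_served are hypothetical stand-ins for a correctly and an incorrectly configured nginx.

```python
"""Pre-flight check for the Let's Encrypt HTTP-01 challenge path (added example)."""
import os
import secrets
import sys
import tempfile
import urllib.error
import urllib.request

CHALLENGE_SUBDIR = os.path.join(".well-known", "acme-challenge")


def make_challenge_token(webroot):
    """Write a random token file under WEBROOT/.well-known/acme-challenge/.

    Returns (token, absolute_path). The token is URL-safe, so it needs no escaping.
    """
    challenge_dir = os.path.join(webroot, CHALLENGE_SUBDIR)
    os.makedirs(challenge_dir, exist_ok=True)
    token = secrets.token_urlsafe(32)
    path = os.path.join(challenge_dir, token)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(token)
    return token, path


def http_fetch(url, timeout=10):
    """Fetch URL over plain HTTP; return the body text, or None on any HTTP/network error."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return None


def acme_path_reachable(webroot, base_url, fetch=http_fetch):
    """Return True if a file placed in the webroot's challenge dir is served at base_url.

    The CA fetches http://<host>/.well-known/acme-challenge/<token>; we do the same and
    require the body to match the token exactly. The token file is always cleaned up.
    """
    token, path = make_challenge_token(webroot)
    try:
        url = f"{base_url.rstrip('/')}/{CHALLENGE_SUBDIR.replace(os.sep, '/')}/{token}"
        body = fetch(url)
        return body is not None and body.strip() == token
    finally:
        os.remove(path)


def webroot_fetcher(webroot):
    """Hypothetical fetcher mimicking an nginx location that serves WEBROOT (offline test only)."""
    def fetch(url):
        token = url.rsplit("/", 1)[1]
        try:
            with open(os.path.join(webroot, CHALLENGE_SUBDIR, token), encoding="utf-8") as fh:
                return fh.read()
        except OSError:
            return None
    return fetch


def not_served(url):
    """Hypothetical fetcher for the misconfigured case in the post: every request fails."""
    return None


def demo():
    """Run the check against both simulated nginx configurations in a throwaway webroot."""
    with tempfile.TemporaryDirectory() as webroot:
        return {
            "served": acme_path_reachable(webroot, "http://example.com", webroot_fetcher(webroot)),
            "unserved": acme_path_reachable(webroot, "http://example.com", not_served),
        }


if __name__ == "__main__":
    # Real check: python3 check_acme.py /var/opt/gitlab/nginx/www http://example.com
    webroot = sys.argv[1] if len(sys.argv) > 1 else "/var/opt/gitlab/nginx/www"
    base_url = sys.argv[2] if len(sys.argv) > 2 else "http://example.com"
    ok = acme_path_reachable(webroot, base_url)
    print("challenge path reachable" if ok else "challenge path NOT reachable over http")
    sys.exit(0 if ok else 1)
```

Run it on the GitLab host (or inside the container) with the real webroot and the public hostname before requesting certificates; a NOT reachable result points at the nginx location block described in the post rather than at Let's Encrypt itself.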