Renewing cert with a GitLab instance produces error

I have installed with omnibus and configured GitLab with https.

I used letsencrypt for this task.

Everything is running on a CentOS 7 server.

I have tried to manually renew the cert with the following command:

certbot renew

but it fails:

Attempting to renew cert (domain) from
/etc/letsencrypt/renewal/domain.conf produced an unexpected error:
Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/domain/fullchain.pem (failure)

I have searched around and it looks like it’s because I have a running web server, but when I check for any running service I get the following output:

systemctl status nginx

Unit nginx.service could not be found.

systemctl status httpd

Unit httpd.service could not be found.

I checked ports 80 and 443 to see if they’re taken with my custom script:


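# Print "taken" if a TCP listener is bound to port $1, otherwise "free".
function is_port_free {
    # Match ":PORT " so that 80 does not also match 8080 or a PID containing 80.
    netstat -ntpl | grep -q ":$1 "
    if [ $? -eq 1 ]; then
        echo "free"
    else
        echo "taken"
    fi
}

port80=$(is_port_free 80)
if [ "$port80" == "taken" ]; then
    echo "Port 80 is taken"
else
    echo "Port 80 is free"
fi

port443=$(is_port_free 443)
if [ "$port443" == "taken" ]; then
    echo "Port 443 is taken"
else
    echo "Port 443 is free"
fi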

Here is my output:

Port 80 is taken
Port 443 is taken

And here is my cron:

0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

Do I have to stop my GitLab instance with gitlab-ctl stop, renew the cert with certbot renew, and start GitLab again with gitlab-ctl start?

I don’t really like this solution, because my GitLab is in production.
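
An added example, not part of the original post: the port check above says only "taken" or "free", while the useful fact for the certbot error is which process holds the port, including one that has no systemd unit of its own. The helper names `port_owner` and `report` are hypothetical, and `SAMPLE` is constructed `netstat -ntpl`-style output, not data from the poster's server.

```shell
#!/bin/sh
# Added example. SAMPLE is constructed output in the layout of `netstat -ntpl`.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2210/ruby
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1874/nginx: master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      980/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      1874/nginx: master'

# port_owner PORT: read listener lines on stdin and print "PID/program" for
# every socket whose local port is exactly PORT. Exit status 1 if none match.
port_owner() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is the last ":"-separated piece, which also covers IPv6 (":::443").
            n = split($4, a, ":")
            if (a[n] == port) {
                # The program column can contain spaces ("nginx: master").
                owner = $7
                for (i = 8; i <= NF; i++) owner = owner " " $i
                if (!seen[owner]++) { print owner; found = 1 }
            }
        }
        END { exit (found ? 0 : 1) }'
}

# report PORT: human-readable line built on port_owner.
report() {
    if owner=$(port_owner "$1"); then
        echo "Port $1 is taken by $owner"
    else
        echo "Port $1 is free"
    fi
}

# On a live host (as root, so PIDs are shown): netstat -ntpl | report 80
printf '%s\n' "$SAMPLE" | report 80
# A substring grep for "8" would hit 8080, 80 and PID 980; exact matching does not.
printf '%s\n' "$SAMPLE" | report 8
```

With the PID in hand, `ps -o pid,ppid,user,args -p <PID>` shows the parent process and command line, which identifies the supervisor that started the listener.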