If you are getting the error:
Attempting to renew cert from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: At least one of the required ports is already taken.. Skipping.
Add hooks to start and stop your webserver in certbot's cron job:
0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q r enew --pre-hook "service nginx stop" --post-hook "service nginx start"
And business is good.