stop nginx and retrieve letsencrypt cert

debian/gitlab.templates

@@ -25,7 +25,8 @@ _Description: Enable https?
  (startssl.com) or WoSign (buy.wosign.com/free) offer free SSL certificates.
  .
  letsencrypt package may be used to automate interaction with Let’s Encrypt to
- obtain a certificate.
+ obtain a certificate. Nginx must be reloaded after the certificate and key
+ files are made available at /etc/gitlab/ssl.
 
 Template: gitlab/letsencrypt
 Type: boolean
@@ -38,5 +39,6 @@ _Description: Use Let's Encrypt?
  Otherwise, certificate and key files have to be placed manually to
  /etc/gitlab/ssl directory as 'gitlab.crt' and 'gitlab.key'.
  .
- Nginx must be reloaded after the certificate and key files are made available
+ Nginx will be stopped, if this option is selected, to allow letsencrypt to use
- at /etc/gitlab/ssl.
+ ports 80 and 443 during domain ownership validation and certificate retrieval
+ step.

debian/postinst

@@ -86,6 +86,9 @@ case "$1" in
           /etc/gitlab/ssl/gitlab.crt
           ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem \
           /etc/gitlab/ssl/gitlab.key
+	  # Port 80 and 443 should be available for letsencrypt
+	  invoke-rc.d nginx stop
+	  letsencrypt -d ${GITLAB_HOST} certonly
         fi
       fi
 
@@ -98,6 +101,8 @@ case "$1" in
         echo "nginx example configuration file not found"
         exit 1
       fi
+      # Start nginx
+      invoke-rc.d nginx start
     else
       echo "Failed to retrieve fully qualified domain name"
       exit 1