While I agree with you both that using `0 0` should be avoided, Certbot should wait for a random amount of time before it would actually start renewing. But I'm not sure if running Certbot in Docker would mess up the whole non-interactive detection code.
You're using the `run` subcommand in your Docker code. For renewals, you should use the `certbot renew` subcommand. `run` should only be used for getting/installing new certificates.
You can test renewing with the `--dry-run` option. But that might not detect spurious problems with the production environment.