Below is what I do now to get certs without stopping apache.
in /etc/letsencrypt/cli.ini I have:
authenticator = webroot
webroot-path = /var/www/
server = https://acme-v01.api.letsencrypt.org/directory
domains = mydomain.foo
./letsencrypt-auto --config cli.ini auth
I will let cron run every 60 days to renew the certs.
I think thats the best solution for me at the moment.