You need to stop Tomcat if it is running, so that Certbot’s --standalone mode can listen to port 80 instead. Only one or the other can be running.
If Tomcat is listening on a different port (e.g. 8080), then you would also need to use:
--standalone --http-01-port 8080
You can also try use --webroot (avoiding stopping Tomcat), but you need to configure Tomcat for that first. See this post if you want to do that: SSL Certificate in Apache Ubuntu 14.04