It so happened that our web server had not restarted for very very long. It kept a copy of the SSL certificate in memory when it started up a long time ago, unaware that letsencrypt had pulled the carpet underneath it and renewed the certificate. The idea is to reload