This is a really bad bug. I had a client call me this Canadian Thanks Giving morning reporting that their SSL cert was giving errors. Turns out, the renewal date was last night at midnight and it indeed copies the wrong certificate to the virtual site’s webroot.
For anyone that is experiencing this issue you can workaround using these steps.
First locate the newly generated certificate. This is typically in
/etc/letsencrypt/live/domain.com-0002. You will want the files located in the folder with the largest numeric suffix which indicates the newest renewal.
Second, copy the cert.pem and privkey.pem to the affected webroot to manually overwrite the old certificate and key.
cp /etc/letsencrypt/live/domain.com-0002/cert.pem /home/domain.com/ssl.cert cp /etc/letsencrypt/live/domain.com-0002/privkey.pem /home/domain.com/ssl.key
Third, ensure the domain in question owns the new certiicates.
chown domain:domain /home/domain.com/ssl.cert chown domain:domain /home/domain.com/ssl.key
Fourth, restart your web server Apache/Nginx.
Finally, test to ensure the SSL has taken by visiting the website in question. You can also verify the certificate details in the Manage SSL Certificate panel which should display the proper domain name and a renewal date somewhere 3 months out into the future.