The reason that this only turned up now could be that the Apache plugin was changed in a recent Certbot release to use a different way of editing your Apache configuration files, in response to this issue on the server side:
So perhaps the renewal was previously working OK using the apache authenticator, and then the Certbot upgrade resulted in its no longer being compatible with your configuration.