It sounds like you first created this certificate using the standalone authenticator. This spins up a temporary webserver to respond to the challenge, and is usually used in the case where you don’t have a web server running already. When you run
certbot renew, it uses the exact same parameters that were used for the initial issuance.
You have a few options. First, you could manually edit the renewal.conf file in
/etc/letsencrypt to have the correct setup. A bit more sure-fire, though, would be to simply issue a new one the same way you expect to issue in the future, and then remove the offending certificate using
certbot delete whatever.the.certificate.is.named.com.