But then why does certbot (letsencrypt) itself report that the newly obtained certificate will expire on 2017-05-24? The web server configuration shouldn't influence that output, should it?
I wonder if it's the same issue as this?
If so, @Philiiiiiipp, you may find that the symbolic links in /etc/letsencrypt/live/leopold.nessys.nl/ are pointing to an old version of the certificate, but the newer one is in /etc/letsencrypt/archive/leopold.nessys.nl/ and the symbolic links need to be updated manually.