Certificate okay for 443, but no longer for other ports

My domain is: zacksmohawk.com

My web server is (include version): Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04.2 LTS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

Previously, my certificate worked for all ports on this domain, but it appears that it only renewed for port 443, and not any of the other ports; on those it says that the certificate expired in Jan 2018 (yes, it’s been a while since I’ve needed to use these ports again).

I thought all ports would point at the same certificate on my server, so how can one be valid and one expired?

Any advice on how to fix this?

What other ports are you using it on? What protocol? Still HTTPS or something else like a mailserver?

Still HTTPS, but just arbitrary ports like 8102, etc.

Well, based on the response from port 8102, I would guess the problem is this:

When Certbot renews certificates, it generally reloads the web server (that it knows about), to force the web server to read the new certificate and begin using it. In your case, it reloads Apache.

The Node.js server you have on :8102 isn’t fronted by Apache, and Certbot doesn’t know it exists. So, even though the certificate was renewed, nobody restarted the Node.js server in order to reload the certificate.

Generally I find that the best production setup is to have Apache (or any web server) handle SSL for all of your applications, and act as a reverse proxy to them (using mod_proxy). That way, only Apache needs to know about your certificate, and Node.js doesn’t need to know anything about HTTPS.

2 Likes
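A way to confirm the diagnosis in the answer above, added here as an example and not code from the thread: it fingerprints the leaf certificate each port presents and compares it with the renewed certificate on disk, so a listener that was never reloaded shows up as stale. The host, ports and certificate path are supplied by the caller; passing Certbot's `fullchain.pem` for the domain is an assumption about this setup.

```python
import hashlib
import ssl

PEM_END = "-----END CERTIFICATE-----"

def leaf_fingerprint(pem: str) -> str:
    """SHA-256 of the first certificate in a PEM bundle (a full chain lists the leaf first)."""
    first = pem.split(PEM_END, 1)[0] + PEM_END
    der = ssl.PEM_cert_to_DER_cert(first.strip())
    return hashlib.sha256(der).hexdigest()

def stale_ports(disk_pem: str, served: dict) -> list:
    """Ports whose served leaf differs from the certificate on disk.
    `served` maps port -> PEM string, or None if the port could not be checked."""
    want = leaf_fingerprint(disk_pem)
    return sorted(port for port, pem in served.items()
                  if pem is not None and leaf_fingerprint(pem) != want)

def fetch_served(host: str, ports, timeout: float = 5.0) -> dict:
    """Fetch the leaf each port presents. The chain is not validated here,
    so an expired certificate is still returned for comparison.
    (The timeout argument needs Python 3.10 or later.)"""
    out = {}
    for port in ports:
        try:
            out[port] = ssl.get_server_certificate((host, port), timeout=timeout)
        except OSError:  # refused, timed out, or not speaking TLS
            out[port] = None
    return out

if __name__ == "__main__":
    import sys
    if len(sys.argv) >= 4:  # usage: check.py HOST CERT_PEM PORT [PORT ...]
        host, cert_path, *ports = sys.argv[1:]
        with open(cert_path) as fh:
            disk = fh.read()
        served = fetch_served(host, [int(p) for p in ports])
    else:  # constructed sample: placeholder bodies, only the fingerprints matter
        disk = ssl.DER_cert_to_PEM_cert(b"constructed renewed leaf")
        served = {443: disk,
                  8102: ssl.DER_cert_to_PEM_cert(b"constructed stale leaf")}
    print("ports serving a stale certificate:", stale_ports(disk, served) or "none")
```

Run after each renewal, a non-empty result points at a process that still holds the old certificate in memory and needs a restart or a move behind the proxy.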

Thanks so much for the help. I appreciate it.
