At the moment, public records – which may be about 2 hours old – show that you most recently issued several certificates on March 4 and March 5, all of them 2048 bits.
One of them covers only
joyal.in; the other 3 cover both
It’s possible that your recent commands only replaced one of the certificates. (Probably the one that covers both names.)
These commands might be interesting:
openssl x509 -in /etc/letsencrypt/live/joyal.in/cert.pem -noout -text | egrep 'Before|DNS|Public-Key'
openssl x509 -in /etc/letsencrypt/live/www.joyal.in/cert.pem -noout -text | egrep 'Before|DNS|Public-Key'
Indeed, you probably don’t need to have two separate certificates…
letsencrypt commands did you run recently?
One 4096-bit certificate covering both names was issued an hour or two ago. (04:28 UTC.)