Thank you for your quick response:
```
~$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
verifying the signature of the certificate located at /etc/letsencrypt/live/aws.osmium.app/cert.pem has failed. Details:
Traceback (most recent call last):
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/crypto_util.py", line 308, in verify_renewable_cert_sig
    verify_signed_payload(pk, cert.signature, cert.tbs_certificate_bytes,
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/crypto_util.py", line 333, in verify_signed_payload
    public_key.verify(
  File "/snap/certbot/3024/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/rsa.py", line 571, in verify
    _rsa_sig_verify(
  File "/snap/certbot/3024/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/rsa.py", line 322, in _rsa_sig_verify
    raise InvalidSignature
cryptography.exceptions.InvalidSignature
Renewal configuration file /etc/letsencrypt/renewal/aws.osmium.app.conf produced an unexpected error: verifying the signature of the certificate located at /etc/letsencrypt/live/aws.osmium.app/cert.pem has failed. Details: . Skipping.
```
This seems to be the problem? Or no, you are right, the IP addresses should be the same! I'll double check this and write back soon.
Yes, I have to confess that I have two server blocks with aws.osmium.app - it happened at setup, and nginx -t warns about it but says it's OK. I didn't want to take the risk of messing with those server blocks as we're running some production loads, so I decided to let it be.