When looking through the Certificate request log for Letsencrypt, i see that this section is wrong:
"validationRecord": [
{
"hostname": "www.thedomain.com",
"port": "443",
"addressesResolved": [
"164.132.156.123"
],
"addressUsed": "164.132.156.123"
}
That is the old IP of the server, not the new one.
Why and how can it validate using the wrong IP?!
(All the other servers have the correct IP here, so this could be the culprit?)