It produced this output:
Processing /etc/letsencrypt/renewal/kw-m1.orchit-dev.de.conf
The following certs are not due for renewal yet:
/etc/letsencrypt/live/kw-m1.orchit-dev.de/fullchain.pem (skipped)
No renewals were attempted.
My operating system is (include version): Ubuntu 16.04
I can log in to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
What web server is being used? How is it configured? Is it configured to use the correct certificate at the correct path? (/etc/letsencrypt/live/kw-m1.orchit-dev.de/.) Has it been reloaded or restarted since the certificate was renewed? Does it need to be?
Does “certbot certificates” or “sudo openssl x509 -in /etc/letsencrypt/live/kw-m1.orchit-dev.de/cert.pem -noout -text” show the certificate issued in January, or the one issued in March?
By the way, a typical Certbot setup would have started trying to renew the certificate around March 16 (30 days before expiration). Yours seemingly either didn’t try, or tried but didn’t succeed, until March 25.
You should make sure there’s a cron job or equivalent (systemd timer?) to run “certbot renew” 1-2 times a day (it will exit without doing anything if no certificates need to be renewed), and check /var/log/letsencrypt to see if and why it was failing.
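Added example, not part of the reply above or of Certbot: a Python check that compares the leaf certificate on disk with the one the web server is actually presenting, which settles whether a reload is still needed after renewal. The script name, function names and the 10-second timeout are assumptions of this example.

```python
import hashlib
import socket
import ssl
import sys

END = "-----END CERTIFICATE-----"


def leaf_der(pem_text: str) -> bytes:
    """DER bytes of the first (leaf) certificate in cert.pem or fullchain.pem."""
    text = pem_text.lstrip()
    return ssl.PEM_cert_to_DER_cert(text[: text.index(END) + len(END)])


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def served_der(host: str, port: int = 443) -> bytes:
    """Leaf certificate the server presents for this name (SNI is sent)."""
    ctx = ssl.create_default_context()
    # Validation is off on purpose: an expired certificate is exactly what
    # has to be inspected here. Only a handshake is performed, no data is sent.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def is_stale(disk_pem: str, served: bytes) -> bool:
    """True when the server is not presenting the certificate that is on disk."""
    return fingerprint(leaf_der(disk_pem)) != fingerprint(served)


if __name__ == "__main__":
    # Hypothetical invocation: check_served.py HOSTNAME /path/to/fullchain.pem
    if len(sys.argv) != 3:
        sys.exit("usage: check_served.py HOSTNAME /path/to/fullchain.pem")
    host, path = sys.argv[1], sys.argv[2]
    with open(path) as fh:
        disk = fh.read()
    live = served_der(host)
    print("on disk:", fingerprint(leaf_der(disk)))
    print("served :", fingerprint(live))
    print("reload the web server" if is_stale(disk, live) else "server matches disk")
```

Reading files under /etc/letsencrypt/live normally requires root, so run it from the root shell.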