In general, I think the easiest way to move a site to a different server is to first request a new certificate on the new server using certbot's --manual plugin. This allows you to validate the domain by manually creating a file on the site, which you can do on the old server while the DNS is still pointing at it, even though certbot itself is running on the new server. Then you can test using your hosts file and make sure everything is working properly before you make any changes to the DNS. Once you have everything migrated and the DNS pointed at the new server, remember to get a new certificate with --webroot or another plugin (or directly modify the configuration) so that renewals will work correctly.
I'm not sure if it's too late for you to do this; your site (if indeed it is the one you forgot to redact in one place in your post) seems to be working fine at the moment. If that's because the DNS is still pointing at your old server, you can probably still try the above. If it's because you managed to fix it on your own... great!
This may be because you've enabled HTTP Strict Transport Security (also known as HSTS). If you want to disable this while you're testing things, look for strict-transport-security in your configuration and temporarily set the max-age to 0.