Just noticed a mention in passing in this article <https://www.theregister.com/2023/06/28/microsofts_github_gmp_project/> that Let’s Encrypt was issuing bad certificates over a period of about an hour earlier this month <https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/648b36899c7c1405303ea8c4>. An explanation of what went wrong (from a third party who does monitoring of CA (mis)behaviour as part of his job) is here <https://www.agwa.name/blog/post/last_weeks_lets_encrypt_downtime>. Seems like many of the people affected were still using their bad certificates a week after the incident. Did you have one of the bad certificates? That article mentions a new addition to the ACME auto-renewal protocols that would allow clients to resolve a glitch like this in future without any manual intervention.