Let’s Encrypt has deprecated the TLS-SNI-01 validation method. That’s automatically not used for latter versions of Certbot: 0.28+ The trouble is that I prevent certbot from self-upgrades on casual runs. So you’ll need to update it manually on your servers.
sudo /srv/primero/letsencrypt/certbot-auto renew -n --pre-hook "service nginx stop" --post-hook "service nginx start"