Morning Jane,
ok, so to be clear here, this has nothing to do with LetsEncrypt.
The NetAcme class in NetTalk has the job of looking after your certificates - both the public ones (which it uses an online service, like LetsEncrypt), AND the local ones (which uses OpenSSL.) When a certificate is "nearing expiry" it will automatically attempt to replace it. This is true for local intranet, and internet ones.
As you note, your cert expires on 19 august, so we are now in the 30 day window for renewal. Which is what happened - it generated a new local cert for you (wasn't that helpful!)
So to clarigy the cause
>> It appears that yesterday [NetTalk] helpfully decided that my certificate was too stale for its taste.
I'm stressing this point here because I don't want there to be any FUD about the LetsEncrypt service, or its certificates. LE was not in play here, NetTalk was.
The time boundary is an equate in netacme.inc
CERTEXPDAYS Equate(33)
so one approach is to make this equate smaller.
I _think_ removing the CA Account field will also inhibit it. Without this field it can't create certificates either way. (I guess you'll let me know later today.)
Cheers
Bruce