
I forgot to renew my Let's Encrypt certificate, and I had HPKP in use on my website.

At the moment, I cannot open my website because the old pinned keys are still in effect. The browser error I get (on Firefox) is: MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE

What am I supposed to do so my visitors can reach my website again, now that I have renewed the certificate?

shavit

1 Answer


If you're using the certbot client, then clearly you should have read up on HPKP before enabling it.

The Let's Encrypt client actually generates new keys whenever it issues new certificates, regardless of whether the old ones expired or not, so pinning your keys will never last you longer than 90 days before you run into issues like the one you're facing.

Right now, your best bet is to look for the archived keys in /etc/letsencrypt and use the one you had pinned to manually generate a CSR and ask Let's Encrypt to issue you a certificate based on that CSR (the client handles that too, AFAIK). Then change your HPKP to instead pin a certificate higher up in the certificate chain so it doesn't change every 90 days, drastically reduce its lifetime to a few minutes (since I assume you copy-pasted a setup you found on the Internet), and once you've actually understood the implications of it, consider carefully how you want to set it up.

Ginnungagap
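The recovery step the answer describes, as an added example that is not part of the original answer: compute the HPKP pin (base64 SHA-256 of the DER SubjectPublicKeyInfo) of every archived certbot key, find the one matching the pin still sent in the Public-Key-Pins header, and build a CSR from it so the re-issued certificate keeps the pinned key. It assumes the standard certbot layout /etc/letsencrypt/archive/<domain>/privkeyN.pem (overridable with a second argument) and that openssl is installed; the pin value and domain in the usage comment are placeholders.

```shell
# Added example (not from the original answer). Assumes openssl is installed
# and certbot's default archive layout; adjust the archive path if needed.
set -eu

# HPKP pin of a private key: base64(SHA-256(DER SubjectPublicKeyInfo)).
# This is exactly the value carried in the header as pin-sha256="...".
spki_pin() {
  openssl pkey -in "$1" -pubout -outform DER 2>/dev/null \
    | openssl dgst -sha256 -binary | openssl base64 -A
}

# Walk the archived keys and print the path of the one whose pin equals
# the value currently in the Public-Key-Pins header. Returns 1 if none match.
find_pinned_key() {
  pin="$1"; archive="${2:-/etc/letsencrypt/archive}"
  for key in "$archive"/*/privkey*.pem; do
    [ -f "$key" ] || continue
    if [ "$(spki_pin "$key")" = "$pin" ]; then
      printf '%s\n' "$key"
      return 0
    fi
  done
  return 1
}

# Build a CSR from the recovered key so the renewed certificate keeps the
# pinned public key. The CSR can then be given to: certbot certonly --csr <csr>
make_csr() {
  key="$1"; domain="$2"; out="$3"
  openssl req -new -key "$key" -subj "/CN=$domain" -out "$out" 2>/dev/null
}

# Usage with placeholder values (replace with the pin from your own header):
#   key=$(find_pinned_key 'PINNED_BASE64_VALUE_FROM_HEADER=') \
#     && make_csr "$key" example.com /tmp/pinned.csr
```

Once the certificate matching the old pin is back in place and browsers can connect again, the answer's remaining advice (a short max-age, a pin higher in the chain) can be applied without locking anyone out.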