Long story short: Our current ISP at work's contractor had a fire + explosion at a 'data hotel' (as they call it) downtown, knocking out a fibre-optic cable. Due to a massive snowstorm which we are still digging out of, it took them nearly 2-days to restore our internet by re-routing (the broken cable has still not been restored). Soooo my boss decided to switch to a new ISP that offers more-cheaper bandwidth.

We have an on-premises Ubuntu web server running certbot for auto installation/renewal of an SSL certificate for the domain that points to it.

Here's my question: will this certificate (which isn't due to expire for ~80 days) still work with the new ISP, or will it have to be reissued, or renewed? (I've checked the certbot site and it appears to be a fairly straightforward job, just not sure if it is even necessary)

Certbot wont care who your ISP is, so long as it can write/access the verification data for the relevant domain(s).

With the default setup, auto-renewal attempts start 30 days before expiry (so in ~50 days for you), will retry daily, and 10 days before expiry you get an email warning (assuming an email was provided during setup), which allows you to then check the Let's Encrypt logs to see what's wrong; once fixed you can "sudo certbot renew" to try again.

But yeah, if only your ISP has changed, that presumably just means your firewall has been configured with a new gateway IP, and there's no reason for that to affect Certbot/LE.

Well... unless your new ISP is incredibly idiotic and block the Let's Encrypt verification - but it's all on standard ports/protocols so they're not going to do that.

Thanks Peter!