This has not happened before during a Cyberpanel update…
CP is on baremetal Centos 7…but was firewalled (HTTP) from external network.
The managed websites all had valid/unexpired letsencrypt certs – I use manual DNS to update them.
They all got over written with self-signed certs.
I had to restore the certs from backup…