We have a domain name registered via Godaddy well over a decade ago, and historically the DNS was being hosted with Godaddy also. Looking back, I guess we should have moved it to some other DNS hosting, but at the time, keeping it with Godaddy didn't seem like such a bad idea: what can possibly go wrong?
Well, Godaddy has been doing some housekeeping recently, and as a part of it they decided to migrate our account to a different server. That involved changing the main IP address on our account. You probably see where this is going.
They must have thought it would help us a lot if they updated our A-records to their new IP address. Including those that at the time did not point to the old IP address.
I would think in such a case, before making such an important and potentially disruptive change, one would doublecheck with a simple if-else whether the currently configured A-record points to the deprecated IP address, and only interfere if it indeed does. But then maybe in their circumstances this was not possible?
Either way, as a result, we got our A-records updated and woke up to some of our systems showing SSL certificate errors.
Lesson learned, I guess.