I installed Letsencrypt and dehydrated following the wiki page about two months ago and got valid certificates. When my renewal script ran, no errors were generated, new certificates were issued, but they were not valid. I ran step by step through the wiki several times, and ran dehydrated and generated several generations of invalid certificates without errors.
Long story short -- after much head scratching, hair pulling and a few choice words, checking and rechecking installation steps, I found in the /etc/dehydrated/config file this line:
# CA="
https://acme-staging.api.letsencrypt.org/directory"
had lost the # and was uncommented, which caused the script to run in test mode and generate invalid certificates.
Now, I am past 60 (nearly 70) and do not remember everything that goes on around me or what I did, but between the certificate installation and the actual running of dehydrated to renew the certificates, I do not remember touching or even thinking about letsencrypt.
I guess the message is simply, if something does not work check and double check your configuration.
Both the contrib and the wiki are terrific, and do what they need to do.