You literally have to go to the folder
/var/lib/docker/volumes/global-nginx-proxy_certs/_data and delete (or rename) the files. They will be named
yourdomain.key. If you have more than one site, don’t touch the ones that are working.
If you delete (or rename) those, the renew (or disable/enable) will work again.
The fix (for rtcamp) as far as I can see is to configure nginx to allow letsencrypt access the
/.well-known/acme-challenge/ url on port 80 without redirecting to https. Then it will renew even when it has expired.