My web and mail ssl certs have reverted back to self-signed certificates.
If that is the case, then you hadn't set up the signed certificates correctly. What you should have done was to put your certificate and key files somewhere safe on the server, and then do:
/sbin/e-smith/config setprop modSSL crt /path/to/certificate
/sbin/e-smith/config setprop modSSL key /path/to/keyfile
/sbin/e-smith/signal-event post-upgrade
/sbin/e-smith/signal-event reboot
The SME server would then no longer use the self signed certificate (but might update the self-signed cert from time to time).