I have to add the new server's FQDN as a SAN on the SSL certificate, and then reissue the certificate, and then reinstall the certificate, and then rerun the configuration wizard, and hope that that's actually what is causing the problem
God I hate SSL certificates.
edit: Wrong! As it happens I just needed to correct the FQDN for O365 to access the web directories on the on prem server. Too bad I already regenerated the cert.