If the site knows my previous password after I reset it, why does it not accept it in the first place?


This has happened more than a few times for me: a site I’m on will suddenly not accept my correct password, forcing me to reset it, only for it to say “new password can’t be the same as the old password” when I try it as the new one. If it knew the password was the old password, why not just let me log in in the first place?

Edit: I think most of the answers here are misunderstanding the question. I know for certain I’m using the correct password at first. Once it forces me to reset, I type in the SAME password to check if this situation is happening, and that’s when it says “new password can’t be the same as the old password”. I then give up and make a new one because what else can I do. This has happened about a dozen times over my time on the internet.


12 Answers

Anonymous

If the password it’s rejecting is not your most recent but is in your last *n* passwords, then it’s just comparing the hashed version of your password to the last *n* hashed versions and all is as it should be.

But that’s not what you’ve described. If it’s rejecting your *current* password, then your password has been marked as expired/invalidated. There’s a bunch of possible reasons. Some of them:

You’ve entered an incorrect password too many times, and now you’ve finally gotten it right when you do the reset (this has happened to me).

Some kind of auto-login using a saved password has been trying to connect using an out-of-date password (unusual in the modern web, but I’m sure there’s a coder out there who’s capable of re-introducing this problem into the world).

Someone trying to get into your account has entered an incorrect password too many times.

The company/website has reason to believe they’ve been compromised and they’re forcing all users to move to a new password.

The company/website has changed their policy on password strength and is forcing users to pick a new password. In this case your existing password was already compliant, but the force is a blanket one.

The company/website expires passwords periodically, but somehow their comms to you weren’t clear that this is what’s happening.
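As an added example (not from the answer above or from any particular site), here is a small model of the behaviour it describes: the old password's hash stays on file so a reset can detect reuse, but a lockout flag set after too many failed attempts makes the login path refuse that same password. The names Account, HISTORY_LEN and MAX_FAILED, and the scenario in replay_scenario, are assumed for illustration.

```python
import hashlib
import hmac
import os

HISTORY_LEN = 5   # how many previous password hashes the site keeps
MAX_FAILED = 3    # failed logins before the current password is invalidated


def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2; iteration count kept low so the example runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)


class Account:
    def __init__(self, password: str):
        self.history = []       # (salt, hash) pairs, newest first
        self.failed = 0
        self.must_reset = False
        self._store(password)

    def _store(self, password: str) -> None:
        salt = os.urandom(16)
        self.history.insert(0, (salt, _hash(password, salt)))
        del self.history[HISTORY_LEN:]   # keep only the last n hashes

    def _matches(self, password: str, entry) -> bool:
        salt, digest = entry
        return hmac.compare_digest(_hash(password, salt), digest)

    def login(self, password: str) -> str:
        if self.must_reset:
            return "reset_required"   # credential invalidated: correct or not, no login
        if self._matches(password, self.history[0]):
            self.failed = 0
            return "ok"
        self.failed += 1
        if self.failed >= MAX_FAILED:
            self.must_reset = True    # e.g. a stale saved password or a stranger guessing
        return "bad_password"

    def reset(self, new_password: str) -> str:
        # The old hashes are still stored, so reuse is detectable even though login refused it.
        if any(self._matches(new_password, e) for e in self.history):
            return "reused"
        self._store(new_password)
        self.failed = 0
        self.must_reset = False
        return "ok"


def replay_scenario() -> list:
    # Constructed sequence: three wrong guesses, then the owner's correct password.
    acct = Account("correct horse")
    events = [acct.login(p) for p in ("guess1", "guess2", "guess3")]
    events.append(acct.login("correct horse"))   # correct, yet rejected
    events.append(acct.reset("correct horse"))   # "can't be the same as the old password"
    events.append(acct.reset("new pass 42"))
    events.append(acct.login("new pass 42"))
    return events
```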
