That usually means that the password for the key is the correct one, but the key doesn’t match the config file.
The password also works for that key, and restic got one step further: it could also successfully decrypt the config file. So this is probably the correct key. However, the lock files are either damaged or from a different repository. You can use restic unlock --remove-all to remove the broken lock file. Afterwards, the repository is hopefully accessible again.