Failed renewal [Solved: DNSSEC problem]

The domain has a DNSSEC configuration issue, breaking it for many resolvers, including Google Public DNS and the Let’s Encrypt validation system.

http://dnsviz.net/d/jodumont.com/dnssec/

The domain has DS records set at the registrar (Namecheap), but the current DNS servers (also Namecheap) don’t sign the zone.

Going by the algorithm in the DS records, perhaps the domain previously used Cloudflare’s DNS service? Namecheap’s DNS service actually does support DNSSEC* but I’ve only seen them use a different algorithm.

You’ll need to go to the Namecheap control panel and delete the DS records. It’s possible it won’t let you – using their DNS service tends to reduce your direct access to the low level settings – and you’ll have to contact their customer service.

You might want to enable their DNSSEC service too, but it may not work, and the old DS records still have to be removed regardless.

* Partly. I haven’t seen it work all the way.

Edit: Sometimes Namecheap does get DNSSEC right.

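As an added illustration of the failure described in this reply (example code written for this page, not the poster's, Namecheap's or Let's Encrypt's), the script below reproduces what a validating resolver does at a delegation: it computes DS records from the child zone's DNSKEY set (RFC 4034 section 5.1.4, key tags per appendix B) and compares them with the DS set the parent publishes. The key bytes and zone name are constructed; no DNS lookups are made, so it runs offline. The three outcomes it distinguishes are the unsigned case (no DS), the "DS at the registrar but no DNSKEY at the name servers" case from this thread, and a stale DS left over from a previous provider.

```python
"""Compare a parent's DS set with a child zone's DNSKEY set, the way a
validating resolver does.  All inputs are constructed for the example."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class DNSKEY:
    flags: int          # 257 = KSK (zone key + SEP bit), 256 = ZSK
    protocol: int       # always 3 for DNSSEC
    algorithm: int      # e.g. 13 = ECDSAP256SHA256, 8 = RSASHA256
    public_key: bytes   # raw key material (the base64 field, decoded)

    def rdata(self) -> bytes:
        """DNSKEY RDATA in wire format: flags, protocol, algorithm, key."""
        return (self.flags.to_bytes(2, "big")
                + bytes([self.protocol, self.algorithm])
                + self.public_key)

    def key_tag(self) -> int:
        """RFC 4034 appendix B key tag (algorithm 1 uses a different rule, not handled)."""
        ac = 0
        for i, b in enumerate(self.rdata()):
            ac += (b << 8) if i % 2 == 0 else b
        ac += (ac >> 16) & 0xFFFF
        return ac & 0xFFFF


@dataclass(frozen=True)
class DS:
    key_tag: int
    algorithm: int
    digest_type: int    # 1 = SHA-1, 2 = SHA-256, 4 = SHA-384
    digest: str         # upper-case hex, as shown in zone files and registrar panels


DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}


def wire_name(name: str) -> bytes:
    """Canonical wire-format owner name: lower-cased, length-prefixed labels, root label."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def ds_from_dnskey(zone: str, key: DNSKEY, digest_type: int = 2) -> DS:
    """DS = digest(owner name in wire format || DNSKEY RDATA), RFC 4034 s.5.1.4."""
    h = DIGESTS[digest_type]()
    h.update(wire_name(zone) + key.rdata())
    return DS(key.key_tag(), key.algorithm, digest_type, h.hexdigest().upper())


def check_delegation(zone: str, parent_ds: list, child_dnskeys: list) -> str:
    """Classify the delegation as a validator would: insecure, secure or bogus."""
    if not parent_ds:
        # No DS at the parent: unsigned delegation, validators expect no signatures.
        return "insecure"
    if not child_dnskeys:
        # The case in the thread: DS records at the registrar, unsigned zone at the
        # name servers.  Validators cannot build the chain and answer SERVFAIL.
        return "bogus: DS published at parent but zone serves no DNSKEY"
    for ds in parent_ds:
        if ds.digest_type not in DIGESTS:
            continue  # unknown digest type: cannot be used to validate, skip it
        for key in child_dnskeys:
            if key.algorithm != ds.algorithm or key.key_tag() != ds.key_tag:
                continue  # cheap filter before hashing, as resolvers do
            if ds_from_dnskey(zone, key, ds.digest_type) == ds:
                return "secure"
    return "bogus: no DNSKEY matches any published DS (stale DS from a previous provider?)"


if __name__ == "__main__":
    zone = "example.com"                                  # constructed
    ksk = DNSKEY(257, 3, 13, bytes(range(64)))            # constructed key bytes
    ds = ds_from_dnskey(zone, ksk)
    print(f"{zone}. IN DS {ds.key_tag} {ds.algorithm} {ds.digest_type} {ds.digest}")
    print("signed zone, matching DS:   ", check_delegation(zone, [ds], [ksk]))
    print("DS present, zone unsigned:  ", check_delegation(zone, [ds], []))
    print("DS from old provider's key: ", check_delegation(zone, [ds], [DNSKEY(257, 3, 13, bytes(range(1, 65)))]))
    print("no DS at all:               ", check_delegation(zone, [], []))
```

The fix the reply recommends corresponds to moving from the "DS present, zone unsigned" state to the "no DS at all" state: once the stale DS records are deleted at the registrar the delegation becomes insecure rather than bogus, and resolvers resolve it again. Enabling the new provider's DNSSEC afterwards is the transition to the "secure" state, which only works if the DS published at the parent is computed from the key the name servers actually serve.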