Let's Encrypt registrations (that's our term for them) work differently than accounts with most other services. In order to use or change an existing registration, you need to have its private encryption key. (This is separate from your certificates' private keys.) The email address on a registration is used only for notifications, not as access control or proof of ownership.
The only things that a hostile former employee could do with a Let's Encrypt registration are:
Revoke existing certificates that were requested using that registration.
You can mitigate this by using a new registration to request new certificates early, and switching to those new certificates.
This could only happen for a maximum of 30 days, and isn't likely to be useful for them. We recommend monitoring Certificate Transparency logs if you're concerned. You could also temporarily add CAA records to prevent issuance.
Adding on to James' comment ... Your website is currently managed by Cloudflare. You should check any account there.
You may be using Let's Encrypt certs for your Origin Server for HTTPS connections between your server and Cloudflare. Or, other subdomains. But, clients connecting to your bixbit.io site see a cert from Cloudflare.
Let's Encrypt will issue certificates for any websites unless prohibited by law or the request of the domain owner / operator.
Only the owner of bixbit.tech/bxb.to can determine what is or is not issued for those domains.
If you have concerns about the content those domains Let's Encrypt is not the correct place to take up the matter. You should work with the registrar or hosting provider. There are also various legal avenues