I’m seeing that previous posts state a policy on this matter, but I’m not sure if this is still the case. https://letsencrypt.org/2015/10/29/phishing-and-malware.html
Another options is at the bottom of this page. https://letsencrypt.org/repository/
You can also report it as a Phishing site at https://www.phishing.org/how-to-report-phishing (several links) and https://safebrowsing.google.com/safebrowsing/report_phish/
Revoking the cert will do little to stop this malicious actor.
Additionally, you would do better to lookup the IP, find the hosting provider and contact them or use their abuse email address. Keep in mind that some hosting providers are fronted or directly run by cyber-criminals or criminally minded nation states so you may not get any help at all. It’s a game of whack a mole but we all have to attempt to make the Internet a better place. Best of luck!