I ran this command:
certbot --apache (as I have been doing this for 2 years now with this domain, every three months)
It produced this output:
Detail: During secondary validation: DNS problem: SERVFAIL looking up CAA for www.suite-leon-crete.com - the domain's nameservers may be malfunctioning.
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
My web server is (include version):
Installed Packages on RHEL 9.4:
Name : httpd
Version : 2.4.57
Release : 8.el9
Architecture : x86_64
Source : httpd-2.4.57-8.el9.src.rpm
Repository : @System
Summary : Apache HTTP Server
The operating system my web server runs on is (include version):
RHEL 9.4
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.9.0
This may not be your only problem, but your DNS delegation is inconsistent: Your registrar thinks your DNS servers are ns-1562.awsdns-03.co.uk, ns-920.awsdns-51.net, ns-1113.awsdns-11.org, ns-84.awsdns-10.com, but your DNS zone thinks they are ns-382.awsdns-47.com, ns-751.awsdns-29.net, ns-1442.awsdns-52.org, ns-2022.awsdns-60.co.uk. We've seen this with AWS Route 53 DNS a few times over the past few months, though it's not clear (at least to me) if it's because AWS is changing DNS servers without telling anyone, or if it's just a configuration which was broken all along but something (either on Let's Encrypt's validation side or on the AWS side) got stricter about it recently.
You need to make sure that the 4 nameservers listed under "Hosted zone details" in the Route 53 console are the same ones listed at both your registrar, and in the NS record for your zone. (Refer to "Step 4" of the documentation for using Route 53 as your DNS.)
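The comparison described in the reply above, as an added example that is not part of the original thread: it parses `dig`-style NS records from the parent (registrar) side and from the zone itself and reports which nameservers appear on only one side. The function names, the zone apex `suite-leon-crete.com`, the TTLs and the sample record layout are assumptions; the nameserver names are the ones quoted in the reply.

```python
# Added example. Real input would come from queries such as:
#   dig +norecurse NS suite-leon-crete.com @a.gtld-servers.net    (parent side)
#   dig +norecurse NS suite-leon-crete.com @<one of the zone's nameservers>
ZONE = "suite-leon-crete.com"  # assumed zone apex

# Constructed sample: delegation as the registrar/parent publishes it.
PARENT_SAMPLE = """\
;; AUTHORITY SECTION:
suite-leon-crete.com. 172800 IN NS ns-1562.awsdns-03.co.uk.
suite-leon-crete.com. 172800 IN NS ns-920.awsdns-51.net.
suite-leon-crete.com. 172800 IN NS ns-1113.awsdns-11.org.
suite-leon-crete.com. 172800 IN NS ns-84.awsdns-10.com.
"""

# Constructed sample: NS record set served from inside the hosted zone.
ZONE_SAMPLE = """\
;; ANSWER SECTION:
suite-leon-crete.com. 172800 IN NS ns-382.awsdns-47.com.
suite-leon-crete.com. 172800 IN NS ns-751.awsdns-29.net.
suite-leon-crete.com. 172800 IN NS ns-1442.awsdns-52.org.
suite-leon-crete.com. 172800 IN NS ns-2022.awsdns-60.co.uk.
"""

def ns_names(dig_output, zone):
    """Return the lower-cased NS targets for `zone` found in dig record lines."""
    zone = zone.rstrip(".").lower()
    names = set()
    for line in dig_output.splitlines():
        fields = line.split()
        # Record lines look like: owner TTL class type rdata
        if len(fields) < 5 or fields[0].startswith(";"):
            continue
        owner, rtype, target = fields[0], fields[3], fields[4]
        if rtype.upper() == "NS" and owner.rstrip(".").lower() == zone:
            names.add(target.rstrip(".").lower())
    return names

def compare_delegation(parent_output, zone_output, zone):
    """Report whether both sides list the same nameservers, and the differences."""
    parent, child = ns_names(parent_output, zone), ns_names(zone_output, zone)
    return {
        "consistent": bool(parent) and parent == child,
        "only_at_registrar": sorted(parent - child),
        "only_in_zone": sorted(child - parent),
    }

if __name__ == "__main__":
    for key, value in compare_delegation(PARENT_SAMPLE, ZONE_SAMPLE, ZONE).items():
        print(f"{key}: {value}")
```
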