This may not be your only problem, but your DNS delegation is inconsistent: Your registrar thinks your DNS servers are ns-1562.awsdns-03.co.uk, ns-920.awsdns-51.net, ns-1113.awsdns-11.org, ns-84.awsdns-10.com, but your DNS zone thinks they are ns-382.awsdns-47.com, ns-751.awsdns-29.net, ns-1442.awsdns-52.org, ns-2022.awsdns-60.co.uk. We've seen this with AWS Route 53 DNS a few times over the past few months, though it's not clear (at least to me) if it's because AWS is changing DNS servers without telling anyone, or if it's just a configuration which was broken all along but something (either on Let's Encrypt's validation side or on the AWS side) got stricter about it recently.
You need to make sure that the 4 nameservers listed under "Hosted zone details" in the Route 53 console are the same ones listed both at your registrar and in the NS record for your zone. (Refer to "Step 4" of the documentation for using Route 53 as your DNS.)
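The comparison described above, as an added example that is not part of the original post: it parses the NS records from two saved `dig` responses (the delegation returned by the parent zone and the NS set served by the zone itself) and reports which names appear on only one side. The zone name `example.com`, the TTLs and both response texts are constructed; only the nameserver names come from the post.

```python
import re

# Constructed output of `dig +norecurse NS example.com @<TLD nameserver>`:
# the parent zone hands back the registrar-side delegation as AUTHORITY records.
PARENT_RESPONSE = """\
;; AUTHORITY SECTION:
example.com.  172800  IN  NS  ns-1562.awsdns-03.co.uk.
example.com.  172800  IN  NS  ns-920.awsdns-51.net.
example.com.  172800  IN  NS  ns-1113.awsdns-11.org.
example.com.  172800  IN  NS  ns-84.awsdns-10.com.
"""

# Constructed output of `dig +norecurse NS example.com @<a server of the zone>`.
ZONE_RESPONSE = """\
;; ANSWER SECTION:
example.com.  172800  IN  NS  ns-382.awsdns-47.com.
example.com.  172800  IN  NS  ns-751.awsdns-29.net.
example.com.  172800  IN  NS  ns-1442.awsdns-52.org.
example.com.  172800  IN  NS  ns-2022.awsdns-60.co.uk.
"""

# owner, TTL, class IN, type NS, target; dig comment lines (";;") never match.
NS_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$", re.IGNORECASE)

def ns_set(dig_output, zone):
    """Return the NS targets for `zone`, lower-cased and without trailing dot."""
    zone = zone.rstrip(".").lower()
    found = set()
    for line in dig_output.splitlines():
        m = NS_LINE.match(line.strip())
        if m and m.group(1).rstrip(".").lower() == zone:
            found.add(m.group(2).rstrip(".").lower())
    return found

def compare_delegation(parent_output, zone_output, zone):
    """Compare the parent-side delegation with the zone's own NS record set."""
    parent = ns_set(parent_output, zone)
    child = ns_set(zone_output, zone)
    return {
        # An empty parent set means no delegation was seen, so not consistent.
        "consistent": bool(parent) and parent == child,
        "only_at_registrar": sorted(parent - child),
        "only_in_zone": sorted(child - parent),
    }

if __name__ == "__main__":
    report = compare_delegation(PARENT_RESPONSE, ZONE_RESPONSE, "example.com")
    print(report)
```

Once the registrar and the zone list the same four names, `consistent` is true and both difference lists are empty.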