You're requesting a certificate for intercepthorizons.com, so you need to create an A record for that domain as well. Not just ucs-1420.intercepthorizons.com.
Do not exactly understand the purpose of assign an IP address to the entire domain ? route 53 does not allow me to do that and am sure AWS did not got it wrong. Maybe you mean something else
Thanks for coming back, I know what was doing wrong in the Let's encrypt app it was requesting the domain and got it wrong. When change it to the full FQDN of the server it went ok and Thunderbird app on my laptop already pick it up as an exception.
The only issue and still the same is that i cannot send e-mails just receive. I believe this as nothing to do with the certificate and is something else preventing it