Can you post the logs in /var/log/letsencrypt so we can get more info, please?
This usually means the domain is blacklisted/not allowed to be used with letsencrypt.
I’ve seen this before with trying to get a certificate for a .onion domain on the TOR network as well as any addresses that end in amazonaws.com (eg, ec2-xx-xx-xx-xxx.eu-central-1.compute.amazonaws.com)
Are you using a standard .com .org .net (or any other common TLD) domain name or is it a .onion/.amazonaws.com domain?
Is the domain resolvable from the internet, as in, do you have public DNS set up that is pointing to the domain?
You said you are on AWS - So you’ll need to have an actual domain registered with public DNS pointing to the server. The .amazonaws.com domain that is registered to an AWS EC2 instance will not work as they are blacklisted as ‘high risk’ domains.
The reason for this is that they are ephemeral - You might have it today, but if you terminate that instance, someone else will have it tomorrow.
Let me know how you go with the above info.