Let's Debug

Test result for id-rsa.pub using http-01

No CAA record on id-rsa.pub (wildcard=false) contains the issuance domain "letsencrypt.org". You must either add an additional record to include "letsencrypt.org" or remove every existing CAA record. A list of the CAA records are provided in the details.
id-rsa.pub. 0 IN CAA 0 issue "amazonaws.com"

Submitted Apr 30 01:43:55 2018. Sat in queue for 8ms. Completed in 0s. Show verbose information.