OK, so if the ISRG Root X1 is now in the trusted roots then the cert should build. You may need to restart the Certify background service as it maintains a cache of trusted roots.
The Let’s Encrypt rate limit should clear fairly soon; you can circumvent it by adding a temporary (valid) domain or subdomain into the cert.
In extreme cases you could switch to a different Certificate Authority (such as BuyPass Go or ZeroSSL), but they will also have roots that need to be installed.
Your server should already be maintaining trusted roots, so check that you don’t have firewall rules that may be preventing updates (outgoing HTTPS calls etc.). OS updates are extremely important to maintain for internet-facing servers. Ensure you are also using the latest version of Certify.
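
One way to run the checks suggested above on the Windows server, as an added example that is not part of the original reply or of Certify's own code. The function name `Test-IsrgRootX1` is hypothetical, and the two hostnames probed (the Let's Encrypt ACME v2 endpoint and the default Windows automatic root update endpoint) are assumptions about what this server needs to reach.

```powershell
# Added example. Reads the machine certificate stores and probes outbound
# connectivity; it changes nothing on the server.
function Test-IsrgRootX1 {
    $pattern = '*CN=ISRG Root X1*'
    $now     = Get-Date

    # Only a self-signed copy in the machine Root store counts as a trust anchor.
    # A cross-signed copy has the same subject but a different issuer.
    $trusted = @(Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -like $pattern -and $_.Subject -eq $_.Issuer })

    # A copy in the Disallowed store overrides trust and makes chain building fail.
    $blocked = @(Get-ChildItem Cert:\LocalMachine\Disallowed |
        Where-Object { $_.Subject -like $pattern })

    $valid = @($trusted | Where-Object { $_.NotBefore -le $now -and $_.NotAfter -gt $now })

    # Outbound reachability: ACME API over 443, root list updates over 80 (assumed endpoints).
    $acme  = Test-NetConnection -ComputerName 'acme-v02.api.letsencrypt.org' -Port 443 `
                 -WarningAction SilentlyContinue
    $roots = Test-NetConnection -ComputerName 'ctldl.windowsupdate.com' -Port 80 `
                 -WarningAction SilentlyContinue

    [pscustomobject]@{
        RootInstalled       = $trusted.Count -gt 0
        RootCurrentlyValid  = $valid.Count -gt 0
        RootExplicitlyBlock = $blocked.Count -gt 0
        Thumbprints         = ($trusted | ForEach-Object { $_.Thumbprint }) -join ', '
        Expires             = ($valid | Sort-Object NotAfter | Select-Object -Last 1).NotAfter
        AcmeReachable443    = [bool]$acme.TcpTestSucceeded
        RootUpdateReachable = [bool]$roots.TcpTestSucceeded
    }
}

$result = Test-IsrgRootX1
$result | Format-List

if (-not $result.RootInstalled -or $result.RootExplicitlyBlock) {
    Write-Warning 'ISRG Root X1 is missing or disallowed: certificate chains will not build.'
}
if (-not $result.RootUpdateReachable) {
    Write-Warning 'Root update endpoint unreachable: check outbound firewall rules.'
}
```

If the root is reported as installed but the cert still fails to build, restart the Certify background service so its cached trusted roots are refreshed.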