I did some more digging, and I think I may have something new to try...
Our cert generation log shows the following:
Code:
[Fri Oct 26 13:19:46 2018 GMT] Domain List (2 domains) = rosetoasters.com www.rosetoasters.com
[Fri Oct 26 13:19:46 2018 GMT] Loaded/generated Let's Encrypt account key.
[Fri Oct 26 13:19:46 2018 GMT] Loaded/generated private key for Certificate Signing Request (CSR) and loaded/generated encrypted CSR for these domains [rosetoasters.com www.rosetoasters.com].
[Fri Oct 26 13:19:47 2018 GMT] Registered/re-registered with ACME server and accepted Terms of Service. Account ID = 14899026
[Fri Oct 26 13:19:47 2018 GMT] Created token file [/tmp/certvalidation/acme-challenge/CwVGJ_XCzByh6eBl_nzabYaPTHXkqkTFsaybK82kOaE] for domain verification.
[Fri Oct 26 13:19:47 2018 GMT] Created token file [/tmp/certvalidation/acme-challenge/HYhTPZT83FjFWghh0oRS29RweWsNihti011OfRJZ94M] for domain verification.
[Fri Oct 26 13:19:49 2018 GMT] Domain verification results for 'rosetoasters.com': error.
Invalid response from http://rosetoasters.com/.well-known/acme-challenge/CwVGJ_XCzByh6eBl_nzabYaPTHXkqkTFsaybK82kOaE: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>300 Multiple Choices</title>\n</head><body>\n<h1>Multiple C"
[Fri Oct 26 13:19:49 2018 GMT] Deleted token file [/tmp/certvalidation/acme-challenge/CwVGJ_XCzByh6eBl_nzabYaPTHXkqkTFsaybK82kOaE] used for domain verification.
[Fri Oct 26 13:19:52 2018 GMT] Domain verification results for 'www.rosetoasters.com': error.
Invalid response from http://www.rosetoasters.com/.well-known/acme-challenge/HYhTPZT83FjFWghh0oRS29RweWsNihti011OfRJZ94M: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>300 Multiple Choices</title>\n</head><body>\n<h1>Multiple C"
[Fri Oct 26 13:19:52 2018 GMT] Deleted token file [/tmp/certvalidation/acme-challenge/HYhTPZT83FjFWghh0oRS29RweWsNihti011OfRJZ94M] used for domain verification.
[Fri Oct 26 13:19:52 2018 GMT] Could not generate the certificate--request_certificate() failed: Error creating new cert :: authorizations for these names not found or expired: rosetoasters.com, www.rosetoasters.com
The "300 Multiple Choices" phrase that shows up twice in the domain validation lines is interesting. So I looked for it in the Lets Encrypt support pages and ran across the following:
community.letsencrypt.org/t/300-multiple-choices/35952
Essentially, it is saying that if you have an AAAA record in your DNS it will cause problems for Let's Encrypt cert generation... This is *new* information that we have not been previously aware of.
It turns out that you do have a AAAA record in your DNS per digwebinterface.com (see last line below)
Code:
rosetoasters.com. 3599 IN A 50.19.253.65
rosetoasters.com. 21599 IN NS ns1076.ui-dns.biz.
rosetoasters.com. 21599 IN NS ns1067.ui-dns.org.
rosetoasters.com. 21599 IN NS ns1040.ui-dns.com.
rosetoasters.com. 21599 IN NS ns1091.ui-dns.de.
rosetoasters.com. 21599 IN SOA ns1067.ui-dns.org. hostmaster.1und1.com. 2017060103 28800 7200 604800 600
rosetoasters.com. 3599 IN MX 10 mail.rosetoasters.com.
rosetoasters.com. 3599 IN AAAA 2607:f1c0:100f:f000::2c3
Therefore, please remove any AAAA records from your DNS ... let us know when you have done that... We will have to wait a bit again. (usually a day or less)
I understand you may be a bit frustrated, but this is why we explicitly state that this is advanced stuff... there is really not a way to make it easier. 
Topic Author
