Sometimes you may need to manually request a certificate from Let's Encrypt. The easiest way to do this is to run certbot manually from the most current Docker image:
docker run -v `pwd`/cert:/etc/letsencrypt/archive -it certbot/certbot certonly --preferred-challenges dns --manual
Answer the prompts. You will be asked to create TWO ACME challenge TXT records named _acme-challenge.fubar.com (where fubar.com is your domain name).
Note that if you use AWS Route 53 for DNS management, you will add two lines, one for each TXT value, in the data field of the dialog for the _acme-challenge DNS record you create, instead of creating two TXT records with the same name (this is just how the Route 53 UI works).
After creating the records, make sure they have propagated BEFORE you press Enter to continue. If all goes well, the certificates will be in ./cert.
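One way to check propagation before pressing Enter, as an added example that is not part of the original page: it asks every authoritative nameserver directly for the _acme-challenge TXT record and requires both values to be present. The function names, the use of dig and the sample tokens are assumptions made for this sketch; pass the zone apex (fubar.com here) as the domain.

```shell
#!/bin/sh
# Added example: verify both ACME TXT values are served by every
# authoritative nameserver before continuing in certbot.

# Constructed sample of `dig +short TXT` output (not real challenge values).
SAMPLE_DIG_OUTPUT='"constructed-token-one"
"constructed-token-two"'

# Reads `dig +short TXT` output on stdin; succeeds only if every expected
# token given as an argument appears as its own quoted TXT value.
txt_values_present() {
    [ "$#" -gt 0 ] || return 2
    answers=$(cat)
    for token in "$@"; do
        printf '%s\n' "$answers" | grep -Fqx -- "\"$token\"" || return 1
    done
    return 0
}

# Queries each authoritative nameserver directly, so a cached answer from a
# recursive resolver cannot hide a server that has not picked up the change.
# Usage: check_propagation fubar.com TOKEN1 TOKEN2
check_propagation() {
    domain=$1; shift
    rc=0
    servers=$(dig +short NS "$domain")
    [ -n "$servers" ] || { echo "no NS records for $domain" >&2; return 2; }
    for ns in $servers; do
        if dig +short TXT "_acme-challenge.$domain" "@$ns" \
            | txt_values_present "$@"; then
            echo "ok      $ns"
        else
            echo "missing $ns"
            rc=1
        fi
    done
    return "$rc"
}

# Offline demonstration on the constructed sample above.
printf '%s\n' "$SAMPLE_DIG_OUTPUT" \
    | txt_values_present constructed-token-one constructed-token-two \
    && echo "sample: both values present"
```

Run check_propagation with the two values certbot printed, and continue only when every nameserver reports ok.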