Consistent 500's for new-cert (failing CAA for one domain)

I've split out this topic since it's a different root cause than the previous thread. This is related to the issuance-time CAA checking we just enabled. One of the domains on that certificate is failing CAA checks. This is the error Boulder is supposed to show you:

unable to create new cert: Rechecking CAA: DNS problem: SERVFAIL looking up CAA for prixharmonie.com, DNS problem: SERVFAIL looking up CAA for www.prixharmonie.com

Unfortunately, there appears to be a bug that is turning this into a generic ServerInternal error with no additional detail. We'll fix that bug in next Thursday's release.

The immediate fix is to issue a certificate without prixharmonie.com and www.prixharmonie.com, and contact the owners of that site to see about fixing their DNS. See Certificate Authority Authorization (CAA) - Let's Encrypt for more documentation about CAA debugging. You could also, of course, continue to use any current certificate closer to expiry, in order to maximize the opportunity for prixharmonie.com to fix their DNS.

If you or anyone else experiences consistent 500's for new-cert between now and September 7, when we expect to deploy a better error message, a quick and easy test to see if it's the same issue is to run dig caa example.COM @8.8.8.8 (note intentionally mixed case) for each domain in the certificate. Note that Let's Encrypt's nameservers are slightly stricter than 8.8.8.8, so it's possible this may miss some issues, but it should catch most of them.

3 Likes
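As an added example (not part of the original post or of Boulder), here is a small POSIX shell pre-check that runs the dig test described above over every name in a certificate and flags the ones that come back SERVFAIL. It assumes dig is installed for the live path and uses 8.8.8.8 as the default resolver, as the post does; the parser works on dig's status line, so it can also be exercised offline on constructed sample output.

```shell
#!/bin/sh
# Added example (not from the original post): a CAA pre-check for a
# certificate's domain list, following the dig test described above.
# Assumes: dig (BIND utilities) is installed for the live path; the
# default resolver 8.8.8.8 is the one the post names.

# caa_query_name DOMAIN: rewrite the name with an upper-case TLD, matching
# the "example.COM" mixed-case query in the post.
caa_query_name() {
    labels="${1%.*}"
    tld=$(printf '%s' "${1##*.}" | tr '[:lower:]' '[:upper:]')
    printf '%s.%s\n' "$labels" "$tld"
}

# classify_dig_output: read dig output on stdin and print the response
# status. SERVFAIL is the condition that makes Boulder's CAA recheck fail.
classify_dig_output() {
    status=$(sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1)
    case "$status" in
        SERVFAIL|NOERROR|NXDOMAIN|REFUSED) printf '%s\n' "$status" ;;
        *) printf 'UNKNOWN\n' ;;   # no header line: timeout / unreachable
    esac
}

# check_caa DOMAIN [RESOLVER]: live lookup, prints "<domain> <status>".
check_caa() {
    resolver="${2:-8.8.8.8}"
    status=$(dig caa "$(caa_query_name "$1")" "@$resolver" 2>&1 | classify_dig_output)
    printf '%s %s\n' "$1" "$status"
}

# check_all DOMAIN...: run check_caa over every name in the certificate;
# exit status 1 if any name returned SERVFAIL (the one to drop, or whose
# owner needs to fix their DNS, per the post).
check_all() {
    failed=0
    for d in "$@"; do
        line=$(check_caa "$d")
        printf '%s\n' "$line"
        case "$line" in *" SERVFAIL") failed=1 ;; esac
    done
    return "$failed"
}

# classify_samples: offline demonstration on constructed dig header lines
# (constructed text, not real captures). Prints three classifications.
classify_samples() {
    printf ';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4321\n' | classify_dig_output
    printf ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234\n;; ANSWER SECTION:\nexample.COM. 300 IN CAA 0 issue "letsencrypt.org"\n' | classify_dig_output
    printf ';; connection timed out; no servers could be reached\n' | classify_dig_output
}

# Usage: sh caa-precheck.sh example.com www.example.com
if [ "$#" -gt 0 ]; then
    check_all "$@"
fi
```

A NOERROR result does not mean a CAA record exists, only that the lookup succeeded, which is all the issuance-time recheck needs; as the post notes, Let's Encrypt's own resolvers are stricter than 8.8.8.8, so a clean run here is a strong hint rather than a guarantee.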