I have a hosting company. I want Let's Encrypt certificates.

Are you seriously contemplating using a manual procedure to get certificates for a hosting company?

What’s your infrastructure? You have a lot of options, from redirecting .well-known/acme-challenge for all your websites to acme.yourcompany.net and performing validations there with a single certbot, to validating everything over dns-01.

But manually, that’s not the way.

3 Likes

So for each CSR given a set of domains there will be a single certificate order created with Let’s Encrypt. If any of the challenges fail, you’ll probably get the error message "Failed Let’s Encrypt authorization check". If you resubmit your CSR, you’ll notice that any of the failed challenges will then have different DNS values. If, on the other hand, the whole order succeeds (i.e., all DNS challenges pass and you receive your certificate), submitting the same CSR again will result in a new order and thus different DNS values. You’re effectively just renewing your certificate over and over with the same expiration date.

I hope I’ve correctly understood what you’re describing.

2 Likes

Admittedly I agree with your synopsis. Even somewhat automating the process to reduce the workload and potential errors would be very beneficial. If individual clients wanted to issue their own certs, the work would be divided and would put the responsibility in their hands. This solves the scalability problem but still requires individual, manual steps. Honestly, an all-scripted, distributable solution with minimal manual intervention is probably desirable.

I think I might write a couple of PHP scripts that can do this in the near future. It could even be called remotely, given proper permissions, and would only serve as a set of ACME hooks for performing the cert process, so that it could be included in a local script available to all clients. Basically a one-and-done batch script.

2 Likes

@9peppe
I'm not seriously looking for a manual method. But I thought that was the way (correct me if I'm wrong).

Then, coming to my infrastructure: it's Linux OS, no shell, cPanel management, and I cannot install any other app in cPanel.

I don't know how to do this.
I use PHP; if there is something in PHP to do this, please let me know.
Like this: :point_down:

2 Likes

@freessltools.com thanks! You understood that right. But my only requirement is continuing that.

2 Likes

Wait, when you say “I have a hosting company”, do you mean you own a hosting company or you are a client of a hosting company?

Because I’ve been operating on the assumption that you own the hosting company, and thus have complete control over your servers, and you want to give your clients SSL certificates from Let’s Encrypt.

If you’re just a client and have cPanel, there’s a tutorial to get a certificate in a painless way using acme.sh.

1 Like

Continuing? Each run through the process should give you a cert once you press the validate button. From there you can repeat the process later with the same CSR if you desire to issue a new certificate. Not much point in doing so until closer to the expiration date. Keep in mind that submitting the same CSR means reusing the same public and thus private keys, which is probably not desirable. Each time you generate a CSR you generally want to use a new private key. By the way, if you read my response to @9peppe you’ll notice I mentioned PHP. :blush: I may look into that soon.

Basically, you’ve got 4 parts to deal with:

  1. Generating a private key and CSR.
  2. Submitting the domain(s) via acme to be verified.
  3. Creating the necessary DNS TXT records or files according to the challenge.
  4. Verifying via acme that the challenge(s) have been fulfilled, receiving your certificate, and installing the certificate and private key in the correct places.

1 Like

I'm pretty sure this says it all:

I'm assuming his users probably have their own registered domain names with whatever registrar and are using his hosting. This would make the case for file-based authentication probably stronger than DNS-based, in terms of not having individual users modifying or providing means of modifying their DNS records. I think the key is having either a mass administrative solution or a local solution configured for each user. What are your thoughts?

1 Like

I think they should use http-01 with a server-wide RewriteRule (Apache) or location block (nginx) to have a single webroot serve .well-known/acme-challenge/ for all of their clients.

What I don’t understand is why this is a reseller’s problem instead of the main company’s, though.

1 Like

I assume you're using one of these plans? Shopping Cart - IFastnet

They look expensive as hell when compared to renting a server from the Hetzner auction or some VPS from Scaleway/Hetzner/DigitalOcean and installing ISPConfig yourself.

$30 for 600GB bandwidth? Who are they kidding? I get 6TB for $4.

2 Likes

@freessltools.com what I call continuing is breaking the process in between and waiting for the user to initiate it again. I.e., the script should stop at the verification details, like the TXT records. Then, after the user prompts, it continues again and gives the certs.

1 Like

HTTP verification does not work because iFastNet blocks everything other than the browser, so DNS verification is the only way.

2 Likes

Just check this.

2 Likes

Looks interesting: where’s the catch?

2 Likes

No catch; you as a reseller should earn from adverts and also as an affiliate for promoting iFastNet’s premium service.

2 Likes

No problem stopping to add DNS TXT records. No need to resubmit the CSR, though, if you're using my site or something like certbot. My process of course is 3 web pages (paste cert and click submit on the first, add TXT records and click validate on the second, copy cert on the third).

2 Likes

If the verification files are placed where they can be accessed just like any other file from the web then the Let's Encrypt servers should have no problem retrieving them just like any other web page request from a browser. The benefit of doing this instead of DNS is that you don't need access to the DNS records to do the verification. Call it "host-side verification" if you will. :slightly_smiling_face: In my personal opinion, file-based proof of ownership is nonsense as it proves you control the hosting but not the domain. Let's Encrypt doesn't make this distinction though.

2 Likes

Sadly, it could be different. If iFastNet is doing what I said before, you'll get a redirect.

We can check easily, though:

curl -IL somedomain.com/.well-known/acme-challenge/404

If we get a redirect, it's a problem; if we get 200 OK, it could be a problem as well. If we get 404 Not Found, we can go on checking other stuff.

2 Likes
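The check from the post above, scripted so it can be run against a whole list of client domains, as an added example that is not part of the original thread. It assumes curl is installed; the verdict rules (redirect is a problem, 200 is suspicious, 404 is fine) are taken from the post, and the sample header output is constructed, not captured from any real host.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies what a host returns for a
# bogus http-01 path so that a single redirect or catch-all 200 is spotted
# before any real ACME order is placed.

# Read `curl -IL` style header output on stdin and print the HTTP status
# codes in order, space separated (e.g. "301 200"). Works for HTTP/1.x and
# HTTP/2 status lines and tolerates the CRLF line endings curl emits.
status_chain() {
  awk 'toupper($1) ~ /^HTTP\// { printf "%s%s", (n++ ? " " : ""), $2 } END { print "" }'
}

# Turn a status chain into a one-word verdict following the post's rules:
#   any 3xx in the chain -> "redirect"   (a problem: challenges get redirected)
#   final 404            -> "ok"         (path is served, file simply absent)
#   final 200            -> "suspicious" (a catch-all page answers everything)
classify_chain() {
  chain=$1
  final=${chain##* }
  case " $chain " in
    *" 3"[0-9][0-9]" "*) echo "redirect"; return ;;
  esac
  case $final in
    404) echo "ok" ;;
    200) echo "suspicious" ;;
    *)   echo "unknown" ;;
  esac
}

# Convenience wrapper: classify header output read from stdin.
classify_headers() {
  classify_chain "$(status_chain)"
}

# Live check of one host; "somedomain.com" style placeholder, not a real target.
# Usage: check_host example.invalid  -> prints the verdict for that host.
check_host() {
  curl -sIL "http://$1/.well-known/acme-challenge/404" | classify_headers
}

# Constructed sample responses (not real captures) used to exercise the logic.
SAMPLE_REDIRECT='HTTP/1.1 301 Moved Permanently
Location: https://somedomain.com/.well-known/acme-challenge/404

HTTP/2 200 
content-type: text/html'
SAMPLE_404='HTTP/1.1 404 Not Found
Content-Type: text/html'

printf '%s\n' "$SAMPLE_REDIRECT" | classify_headers   # redirect
printf '%s\n' "$SAMPLE_404" | classify_headers        # ok
```

Feed it one hostname per line (for example `while read h; do echo "$h $(check_host "$h")"; done < clients.txt`) to find which client sites would fail http-01 before switching them to dns-01.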

Makes sense to me. Not sure why they’d be redirecting a basic GET request like this.

2 Likes

@freessltools.com,
If I don’t resubmit CSR then how will I click the validate button?

2 Likes