Running from my webserver: ./letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d rc.benchtools.us

Domain: rc.benchtools.us
Type: unauthorized
Detail: Error parsing key authorization file: Invalid key
authorization: 235 parts

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

rc.benchtools.us is an A record and there are no blocking firewalls.

If you place something in a file at /usr/share/nginx/html/.well-known/acme-challenge/testfile

can you then view it OK from outside at http://rc.benchtools.us/.well-known/acme-challenge/testfile ?

The url for the rocketchat site I have running is currently rc.benchtools.us:3000

letsencrypt needs to access port 80 / 443 to verify your domain

Is there a way to get a certificate manually and put it in place?

This rocketchat is an internal website for chat.

Yes, but LE needs to verify you own the domain. It does this with either a test to port 80 / 443 on your domain or you can do a check via DNS (although the official client doesn’t yet support the DNS check - other clients do. I kow the 3 bash ones support the DNS challenge.