I received the message that says I will not be able to renew some domains because they conflict with RFC 5890.
You are receiving this email as you have an active certificate that contains a R-LDH domain name (a DNS name containing the characters '--' in the third and forth positions in a label, e.g. 'bq--example.com'). These names are considered reserved by RFC 5890 and as such we have decided to no longer issue certificates containing them. As such you will no longer be able to renew any certificates you currently have that contain these names.
I am not sure what certificate we have that would violate this? Is there a way we could find out which certificates are associated with my email to find the one that would be of trouble? We do have some certs that contain --, but they shouldn't be in the third/forth position.
FYI, the RFC in the email is correct, and the Unicode Normalization incident you linked is a different thing. Unicode normalization is about whether ë is represented as e + ¨ or just ë as a single character. The R-LDH limitation is defined by IDNA (RFC 5890) and says "DNS names starting with 'XX--' where XX != 'xn' shouldn't be accepted by applications that process Internationalized Domain Names."
Ah ha! We found it. We have been using dc--eater--com.our-testing-domain.com, not realizing that was going to be a problem in the subdomain. Working on some fixes locally until we can just use a wildcard certificate to ignore it in the future.