I have a similar problem. masonbee.nz will get a cert but hive.masonbee.nz won’t. Error is "Nameserver lookup failed : Could not find any nameservers for hive.masonbee.nz ". I have nameservers at ns1.masonbee.nz and ns2.masonbee.nz and dig looks OK to me. I can install certbot and issue certs through that but not through the virtualmin lets encrypt interface.
hive.masonbee.nz has address 172.104.61.13
;; connection timed out; no servers could be reached
Which is actually really weird, because it provides an answer and an error. I’m guessing Virtualmin is detecting the error without noticing that it got an address, too.
So, something is wrong with your DNS. That’s something you’ll want to fix (as it took a while to get an answer, even if we ignore the timeout error), and is probably why it’s failing in Virtualmin.
I haven’t seen this particular behavior before, that I can recall…I guess it’s querying one name server, and then when that one takes a while it queries the next, and it provides a response and then the timeout for the first finishes soon after. I’d need to look at the code for the resolver to know what’s happening there and in what order. Regardless, all of the name servers listed for your zone are returning that error and result, or returning nothing but that error.
So…to fix it, you need to fix your DNS. I’m not sure exactly what’s going wrong there, though.