If “key” means the 43-character token you might find it in logs if one was issued. Thing is, the TXT record workaround shouldn’t be necessary even though it can help get the job done. When DNS validation fails are you making new attempts afterward (without maxing out rate limits)? I think network hiccups cause problems often enough to fool us into pointing blame in our direction when the problem could be any network between our servers and Let’s Encrypt. I’ve seen Let’s Encrypt IPs in errors or logs time out when I trace or ping them but eventually validation succeeds after a second or third attempt.
I suggest not changing anything and keep trying if you are confident in your DNS setup. If it continues to fail try to figure out what’s slowing down lookups. If there’s a network issue http validation might fail too.
And since you’re comfortable at the command line you might as well try certbot’s dry run option. It isn’t in the web panel but evidently Virtualmin’s API can do it. Once a dry run succeeds be sure to replace the fake certificate with a real one.