Let's Encrypt renewal for MTA-STS failed after upgrade and restore

I got my MIAB updated to the latest version, did the restore, and all appeared to be working correctly. Overnight Let’s Encrypt attempted to renew several certs. My primary domain’s MTA-STS.domain.com renewed without any issue. The MTA-STS for 4 of my other hosted domains failed to update. The error is:
error: mta-sts.domain2.com:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for mta-sts.domain2.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: mta-sts.domain2.com
Type: dns
Detail: DNS problem: SERVFAIL looking up A for mta-sts.domain2.com - the domain’s nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for mta-sts.domain2.com - the domain’s nameservers may be malfunctioning

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.

Please note that I do not use IPV6, so no AAAA records exist. I compared against my DNS settings prior to the update/restore, and there don’t appear to be any changes there either. Finally, the primary domain hosting my MIAB install renewed the MTA-STS just fine and without error, so I’d assume the web directory can read/download just fine.

Any suggestions?

See what tonight’s maintenance brings. If a repeat, please share the domain names in PM so I can take a look tomorrow.