response: {"name":"CertbotError","code":1,"message":"('xn--80aaaszlmpkyl0e9a.xn--p1ai', \"b'Failed authorization procedure. xn--80aaaszlmpkyl0e9a.xn--p1ai (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for xn--80aaaszlmpkyl0e9a.xn--p1ai\\\\n'\")","extra":null}
In short:
You have an incomplete DNSSEC setup.
Contact your registrar and ask them to remove the DNSSEC for you. (That should resolve the issue)
Long response:
Google Public DNS, like all other DNS resolvers, does see your A record.
However, because you enabled DNSSEC (at registrar level, but not inside your DNS zone), DNS servers that check DNSSEC would return a serverfail for not setup DNSSEC correctly.
You have DNSSEC (key 50281) enabled at your domain registrar, but your DNS zone does not serve that key.
Checking with Unboundtest returned with serverfail because "Missing DNSKEY RRset in response to DNSKEY query." https://unboundtest.com/m/A/xn--80aaaszlmpkyl0e9a.xn--p1ai/TIXPFR2T