I'm also thinking you might be running into Path MTU issues, if your authoritative nameservers were working with this configuration before July 27 when Let's Encrypt made a small change, based on the DNSViz report saying that it needed to use smaller packets in order to get replies:
https://dnsviz.net/d/_acme-challenge.vadim.com.ru/dnssec/
_acme-challenge.vadim.com.ru/A (NODATA): The server returned a no error (NOERROR) response when queried for _acme-challenge.vadim.com.ru having record data of type A, but returned a name error (NXDOMAIN) when queried for _acme-challenge.vadim.com.ru having record data of type AAAA. (2a02:6b8:0:1::213, UDP_-_EDNS0_4096_D_KN)_acme-challenge.vadim.com.ru/A (NODATA): The server returned a no error (NOERROR) response when queried for _acme-challenge.vadim.com.ru having record data of type A, but returned a name error (NXDOMAIN) when queried for _acme-challenge.vadim.com.ru having record data of type TXT. (2a02:6b8:0:1::213, UDP_-_EDNS0_4096_D_KN)_acme-challenge.vadim.com.ru/A (NXDOMAIN): No response was received from the server over UDP (tried 7 times) until the NSID EDNS option was removed (however, this server appeared to respond legitimately to other queries with the NSID EDNS option present). (2a02:6b8::213, UDP_-_EDNS0_4096_D_KN)_acme-challenge.vadim.com.ru/A (NXDOMAIN): The server returned a no error (NOERROR) response when queried for _acme-challenge.vadim.com.ru having record data of type AAAA, but returned a name error (NXDOMAIN) when queried for _acme-challenge.vadim.com.ru having record data of type A. (2a02:6b8::213, UDP_-_EDNS0_4096_D)_acme-challenge.vadim.com.ru/AAAA (NODATA): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. (2a02:6b8::213, UDP_-_EDNS0_4096_D_KN)_acme-challenge.vadim.com.ru/AAAA (NODATA): The server returned a no error (NOERROR) response when queried for _acme-challenge.vadim.com.ru having record data of type AAAA, but returned a name error (NXDOMAIN) when queried for _acme-challenge.vadim.com.ru having record data of type A. (2a02:6b8::213, UDP_-_EDNS0_4096_D)_acme-challenge.vadim.com.ru/AAAA (NODATA): The server returned a no error (NOERROR) response when queried for _acme-challenge.vadim.com.ru having record data of type AAAA, but returned a name error (NXDOMAIN) when queried for _acme-challenge.vadim.com.ru having record data of type TXT. (2a02:6b8::213, UDP_-_EDNS0_4096_D_KN)_acme-challenge.vadim.com.ru/AAAA (NXDOMAIN): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. (2a02:6b8:0:1::213, UDP_-_EDNS0_4096_D_KN)_acme-challenge.vadim.com.ru/AAAA (NXDOMAIN): The server returned a no error (NOERROR) response when queried for _acme-challenge.vadim.com.ru having record data of type A, but returned a name error (NXDOMAIN) when queried for _acme-challenge.vadim.com.ru having record data of type AAAA. (2a02:6b8:0:1::213, UDP_-_EDNS0_4096_D_KN)_acme-challenge.vadim.com.ru/TXT (NXDOMAIN): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. (2a02:6b8:0:1::213, UDP_-_EDNS0_4096_D_KN)_acme-challenge.vadim.com.ru/TXT (NXDOMAIN): The server returned a no error (NOERROR) response when queried for _acme-challenge.vadim.com.ru having record data of type A, but returned a name error (NXDOMAIN) when queried for _acme-challenge.vadim.com.ru having record data of type TXT. (2a02:6b8:0:1::213, UDP_-_EDNS0_4096_D_KN)_acme-challenge.vadim.com.ru/TXT (NXDOMAIN): The server returned a no error (NOERROR) response when queried for _acme-challenge.vadim.com.ru having record data of type AAAA, but returned a name error (NXDOMAIN) when queried for _acme-challenge.vadim.com.ru having record data of type TXT. (2a02:6b8::213, UDP_-_EDNS0_4096_D_KN)
It's looking like your DNS servers aren't always responding correctly, at any rate, so I'd suggest first looking at ensuring they give a response worldwide correctly while the record is there.