Reading this again I am convinced there is nothing you can do to solve this right now.
Yes, you might try changing authoritative dns, but if it works intermittently, it's probably fine. It only needs to work once in the ten days the automatic renewal is running. You might tell certbot to try every hour instead of twice a day, but I wouldn't do anything else.
My main suspect is some kind of anti abuse system on the njalla authoritative dns servers.