Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The reason is probably due to your domain’s nameservers sending bogus NS records.
Your actual nameservers are as follows:
jobtantra.com. 172800 IN NS ns51.domaincontrol.com.
jobtantra.com. 172800 IN NS ns52.domaincontrol.com.
However, when making an inquiry at those nameservers, they are giving an incorrect referral to other nameservers:
$ dig +noall +authority @ns51.domaincontrol.com jobtantra.com
jobtantra.com. 3600 IN NS ns21.domaincontrol.com.
jobtantra.com. 3600 IN NS ns22.domaincontrol.com.
Those two nameservers (21 and 22), don’t actually contain the zone data for your domain, and give a REFUSED response code.
What’s happening (probably) is that Let’s Encrypt is picking up those two referrals to ns21 and n22, except when it tries to use them, it gets a REFUSED, which leads to the SERVFAIL.
So what you should do is locate those two incorrect NS records and either remove them or amend them to the correct nameservers (ns51 and ns52).