The intended IP is 195.201.96.250. The working subdomain is web1.samys.network
[Edit]
The full error message is web-01.samys.network challenge did not pass: Fetching http://web-01.samys.network/.well-known/acme-challenge/YHAqFhpI2D_UAPSX6oQ7ZrU7LrPQaw-Fteu3tk8-HOI: Timeout
$ dig +short samys.network ns | xargs -I{} dig @{} +noall +answer web-01.samys.network aaaa
web-01.samys.network. 900 IN AAAA 2a01:4f8:1c0c:707f::64
web-01.samys.network. 900 IN AAAA 2a01:4f8:1c0c:707f::64
web-01.samys.network. 900 IN AAAA 2a01:4f8:1c0c:707f::64
Let's Encrypt will attempt to use the IPv6 address, if it exists for a domain. If it fails to connect using the IPv6 address, it will fail the entire validation process.
That is why you have a timeout.
Yeah, my bad. For some reason my local resolver had a cached NXDOMAIN for it, but the AAAA record takes precedence anyway.