Generating 4096 bit RSA key for let’s encrypt account…
openssl genrsa 4096 > "/usr/local/directadmin/data/users/salvirt/letsencrypt.key"
Generating RSA private key, 4096 bit long modulus
…++
…++
e is 65537 (0x10001)
Account has been registered.
Getting challenge for salentovirtuale.com from acme-server…
Error: http://salentovirtuale.com/.well-known/acme-challenge/letsencrypt_1504262293 is not reachable. Aborting the script.
dig output for salentovirtuale.com:
95.141.32.176
Please make sure /.well-known alias is setup in WWW server.
My web server is (include version): Apache
The operating system my web server runs on is (include version): Linux Centos 6
My hosting provider, if applicable, is: Ormag.net (self)
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Directadmin
I don't believe the output showing the old IP is from the Let's Encrypt server. I checked the server-side logs and your ACME client has only created a new authz but hasn't yet activated it to respond to a challenge (e.g. Let's Encrypt hasn't tried to look up the IP address yet!)
The Let's Encrypt recursive resolver has a very low cache time and I'm seeing the correct IP from both of your authoritative nameservers when I query them directly.
It looks like you're using DirectAdmin and it may be doing a "pre-check" and failing before telling Let's Encrypt to go ahead with the challenge. Is it possible that the server you're running DirectAdmin on has cached the old IP address? Can you contact DirectAdmin support to learn more about how to resolve this?
At this point it seems like there isn't anything I can do to help you from the Let's Encrypt side. Apologies! Maybe someone else in the forum will have more insight into how to get DirectAdmin to properly handle this case.