Hi @giorgio,
The Let’s Encrypt CA does not rely on DNS record propagation like a desktop browser would; it always goes directly to the authoritative nameservers for the domain, so this is not usually the reason. However, if your provider doesn’t apply the update to the authoritative nameservers immediately, there could still be a delay that is kind of like a propagation delay, although for a different reason.
Another possibility that can cause this error is a DNS zone misconfiguration, including DNSSEC errors, like when DNSSEC signatures are invalid or absent, but marked as required. So you might also want to look at your DNS setup with testing tools that can indicate any invalidity or misconfiguration.