DNS “propagation” is mostly a myth invented to cover up incompetence by people managing DNS records.
DNS is a distributed name resolution system with caching. Name owners get to specify how long the caches should last, and there is little practical benefit to specifying very long-lived caches of more than an hour or so. Administrators should plan in advance, so that if, for example, they expect to change some records tomorrow, they run down the cache lifetimes first, then ramp them back up after making the change to give the best possible experience. Google’s google.com, for example, sets caches to last just sixty seconds for all its records.
However, the perception by users that something has to “propagate” slowly when they make a change allows incompetents to justify the problems they cause as somehow inevitable, just part of “how DNS works”: you have to wait for it to “propagate”. I’ve seen people insist that it will take “a few hours” even for their authoritative servers to update “due to propagation”.
Another example: a moderately popular web forum changed host, and they told their users “Due to DNS propagation it might take a few days for you to see our new server. Meanwhile to reach our site you’ll need to manually follow this alternate URL”. In fact they had written their new IP address into DNS as a CNAME string for the site name, which of course can’t work, but if anybody complained they’d be told to stop whining, it’s just DNS propagation. After a couple of days the people running the site grasped their mistake, pasted the correct A record into DNS and declared that now “propagation” had succeeded.
@parkhyunjoon - you need to ensure all Authoritative DNS servers for the name you want a certificate for are updated. This is not “propagation” and is purely under the control of you or your hosting supplier. Once the servers are updated, you don’t have to wait for any “propagation”; the Let’s Encrypt systems will interrogate these Authoritative servers themselves directly about the new domain.
If the names will be entirely new domains (e.g. you just purchased example.com and want a certificate for example.com or www.example.com) you should make sure NOT to request the certificate before you receive confirmation from the registrar that your domain is actually being served by that registry’s authoritative servers. For a domain you already control this isn’t an issue.
If you want certificates for names that aren’t (yet) known to Authoritative DNS servers for those names on the public Internet, you cannot get them from Let’s Encrypt. You will need to find a commercial CA which is willing to make such speculative certificates for names that don’t exist yet, which is unlikely to be free.
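
Added example, not part of the original post: a shell check that asks each authoritative server directly for a record before a certificate is requested, plus a test for the IP-address-in-a-CNAME mistake described above. The function names `check_authoritative` and `cname_is_ip` are hypothetical, and the script assumes `dig` is installed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; requires dig (BIND utilities).

# check_authoritative ZONE NAME TYPE EXPECTED
# Asks every name server listed for ZONE, directly and without recursion,
# for NAME/TYPE. Returns 0 only if each one answers exactly EXPECTED
# (multiple records: sorted, space-separated). Returns 2 if no NS is found.
check_authoritative() {
    zone=$1; name=$2; type=$3; expected=$4
    bad=0
    servers=$(dig +short NS "$zone")
    if [ -z "$servers" ]; then
        echo "no NS records found for $zone" >&2
        return 2
    fi
    for ns in $servers; do
        # +norecurse: the server's own data, never a resolver's cached copy
        answer=$(dig +norecurse +short "@$ns" "$name" "$type" | sort | tr '\n' ' ')
        answer=${answer% }
        if [ "$answer" = "$expected" ]; then
            echo "OK       $ns $answer"
        else
            echo "MISMATCH $ns got '$answer' want '$expected'"
            bad=1
        fi
    done
    return "$bad"
}

# cname_is_ip NAME
# Returns 0 if NAME has a CNAME whose target looks like an IPv4 address,
# the misconfiguration from the forum anecdote above.
cname_is_ip() {
    target=$(dig +short "$1" CNAME)
    case $target in
        ''|*[!0-9.]*) return 1 ;;  # no CNAME, or a real host name
        *) return 0 ;;             # only digits and dots
    esac
}

if [ "$#" -eq 4 ]; then
    check_authoritative "$@"
fi
```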