Are you currently using a self-signed certificate?
This error:
ValueError: Wrote file to /home/domain/public_html/.well-known/acme-challenge/XXXXXXXXXXXXXX, but couldn't download http://www.domain.it/.well-known/acme-challenge/XXXXXXXXXXXXXXXX
Is generated by acme_tiny. acme_tiny performs a self-check of the verification URL, and refuses to continue if that fails. Depending on your python version, this is going to fail with a self-signed (or, more generally, any untrusted) certificate. You could try your luck with this patch if that's the case, or disable the redirect until you have a trusted certificate ready for the next renewal.
Note that even if you're currently using a certificate signed by Let's Encrypt, you'll have to make sure that you're also including the issuer certificate. In a nutshell:
wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > intermediate.pem
cat /home/domain/ssl.cert intermediate.pem > /home/domain/chained.cert
... and then point your ssl_certificate directive to /home/domain/chained.cert.