Hi,
Thanks for looking into this. I'm a bit confused as to why it doesn't want to work with IPv6 
From another server, I just run:
root@admin:~# curl -v -g -6 "http://cdn.steampunkjunkies.com/.well-known/acme-challenge/foo"
- Trying 2a01:7e00::f03c:91ff:feac:4983...
- Connected to cdn.steampunkjunkies.com (2a01:7e00::f03c:91ff:feac:4983) port 80 (#0)
GET /.well-known/acme-challenge/foo HTTP/1.1
Host: cdn.steampunkjunkies.com
User-Agent: curl/7.47.0
Accept: /< HTTP/1.1 200 OK
< Server: nginx
< Date: Wed, 21 Jun 2017 14:23:47 GMT
< Content-Type: text/plain
< Content-Length: 10
< Last-Modified: Wed, 21 Jun 2017 05:47:17 GMT
< Connection: keep-alive
< Keep-Alive: timeout=60
< ETag: "594a0865-a"
< Accept-Ranges: bytes
<
sdfsad
- Connection #0 to host cdn.steampunkjunkies.com left intact
... so I'm a bit baffled as to why its not working
As you said - removing the AAA record would fix it, but its not ideal (as I want to be IPv6 compatible).
UPDATE: I just saw this thread on VestaCP's forum: Letsencrypt renew automatically - Vesta Control Panel - Forum - I wonder if they are having the same problem as me ;/
Cheers
Andy