Difference between "Descendant User Objects" and just "User Objects"

Some domains are not pleased while trying automatically get a ssl certificate with lets encrypt on my server. I am trying to request a free certificate, but somehow the request is returning the following error:

Error: http://example.com/.well-known/acme-challenge/letsencrypt_1553892860 is not reachable. Aborting the script. dig output for domain.nl: <<EMPTY>>
Please make sure /.well-known alias is setup in WWW server.

Usually, the error is returning an ip address or a hostname which I know that the domain is then not pointing to my server. These errors I have already managed to fix successfully.

But in this case the output is empty which is really confusing me.

So what I did so far is I created a test file which I placed in de /.well-known/acme-challenge/ folder of my webserver and tried to reach it from the browser using http://example.com/.well-known/acme-challenge/test.txt. The browser succeeded to open the file which confirmed me the destination is reachable.

As a consequent, I tried to confirm to get the same file using curl (since letsencrypt with Directadmin is using curl to validate the domain data that is place in the same acme-challenge). Unfortunately, somehow the response of curl states that the same file that is request is not found.

Here is the line I used to request the file with curl:

/usr/bin/curl -I -L -k -X GET http://example.com/.well-known/acme-challenge/test.txt

Now my question is, could it be possible that somehow the server dns or curl script is confused since it not succeeds to get the file succesfully? Do I maybe need to reset curl or remove cache?

I have already tried to update curl using yum update libcurl and restarted apache using sudo systemctl restart httpd.service.

The server is running CentOs with apache and Directadmin.

.

UPDATE:

In the meanwhile I have found the issue causing the 404 why it can not find the link on my server. The domain is making use of CNAME that is pointing to an another domain hosted on my server i.e. example1hostingprovider.com CNAME example2myreseller.com. CNAME example3myserver.com

So in this case the domain is hosted by a webhosting company which has a CNAME to my reseller hosting where I have another CNAME pointing to my official server.

When the curl is performed on myserver(i.e. example2.com) to the link, it is trying to open the link within myreseller hosting(i.e. exmaple2.com). But this reseller hosting does not contain any web files.

I found this out by doing a nslookup from the server to the domain (which shows the ip of my reseller(example2.com) while performing nslookup to the same domain from my home internet shows the ip of my server (example3.com).

So this is definitely a DNS issue why the domain could not be reachable when requesting a ssl certificate for it.

Strangest thing is that another domainname that is hosted on the same provider (i.e. example1.com), with the same nameserver and also same CNAMEs, shows the ip of my server (example3.com) when I perform a nslookup to it from my server.

So is there a way to force change the dns ip of my domains that should be shown to the DNS servers? My server is using DNS server 8.8.8.8