The issue was, I was using a trusted site notification service from McAfee,
bought from GoDaddy. By default, turning on the feature changes the A
record to proxied IPs from McAfee (which is why there was multiple IPs in
the DNS check.
I had to turn the trusted site feature off, wait for the Let's Encrypt rate
limits to expire (10 certificates in a week), and just run the Bitnami
autoconfiguration tool again, and Voila! It works.
Which is why I said you guys are geniuses, I would have had to spend 3-4
hours to setup everything myself, Bitnami autoconfiguration script did it
in two minutes.!