I've no idea what my ISP is doing. I don't have any geo specific rules on the firewall. I was able to generate the certificate this morning, maybe by pure luck. I can ping the host from anywhere in the world with no issue, it's only TCP & UDP connections that seems to be slowed. I do have multiple IP address (IPv4 + IPv6) but the error happens only on IPv4 and all hosts on the same machine only reply on IPv4 (I haven't set up the IPv6 DNS records anyway). Why some domain works and some not, I don't know, there all resolve to the same IP address via CNAME or directly via A. I'll wait for a day or two and check again.