Hi @neilpang,
The intention was to have the Validation Authority of the CA try IPv6 first if there is an AAAA record, and fall back to IPv4 if the AAAA record timed out or failed. There is a known issue right now (letsencrypt/boulder issue #2770, "HTTP-01 IPv6 to IPv4 fallback not working properly") where it appears the initial IPv6 request may use the full VA timeout, preventing the IPv4 fallback from happening.
Why is the user unable to provision a challenge response server on the IPv6 address?