This might be sort of my fault. Because 6to4 hosts don’t have “real” IPv6 routing it’s harder to be confident of the path chosen to reach them and avoid scenarios where that’s more likely to be an attacker. So I recommended Let’s Encrypt reject 6to4 addresses or implement their own 6to4 endpoint. I think they took the former option.
As a result of that the 6to4 address isn’t accepted. Sorry.
(If I’m wrong I’m sure a LE person will be adding to say so shortly)