Hi @fastboy! Thanks for sharing your story. That does indeed sound like a very frustrating experience.
> But the TTL is 4 hours by default and cannot be changed surprisingly.
If the TTL is 4 hours, that won’t actually be a problem, because Let’s Encrypt’s DNS resolver sets a max TTL of 5 minutes. So it won’t be using a cached version of the TXT record. But maybe your DNS provider only pushes out new records every 4 hours (which is a subtly different issue).
I have a couple of recommendations there: First, you can probably switch DNS providers independently of your web host, to one which pushes changes more rapidly. For instance, Amazon Route53 costs $6/year, and pushes updates within a minute or two. There’s also a nice Certbot plugin that integrates with it: https://github.com/lifeonmarspt/certbot-route53.
Second, you will probably find this easier if you automate it somewhat. Instead of using sslforfree.com, which is a very manual process, download Certbot and use it to issue a certificate with the DNS challenge. Then you can upload the resulting certificate to your hosting provider. You can even set up a cron job on your local machine to run Certbot every 60 days, so all you have to do is the upload.
Lastly, the very best experience will result from your hosting provider implementing built-in ACME support. Have you asked them about that?
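To guard against the slow-push problem when automating the DNS challenge, here is an added example that is not from the original post or from Certbot: a POSIX shell script, meant to be called at the end of a `--manual-auth-hook`, that polls every authoritative nameserver for the zone until all of them serve the expected `_acme-challenge` TXT value, so Certbot never asks Let's Encrypt to validate before the provider has pushed the record. It assumes `dig` is installed and that the hook has already published the record; `PROPAGATION_TIMEOUT` is a hypothetical variable of this script, while `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` are the variables Certbot exports to hooks.

```shell
#!/bin/sh
# Hypothetical Certbot --manual-auth-hook companion (constructed example).
# Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to hooks. With the TXT
# record already published, wait until every authoritative nameserver serves
# it, so validation never races a slow provider push.

# txt_matches DIG_OUTPUT EXPECTED: succeed if one line of `dig +short TXT`
# output equals EXPECTED. dig prints TXT data quoted, and long records as
# several quoted chunks ("abc" "def"), so strip quotes and spaces first.
txt_matches() {
    printf '%s\n' "$1" | tr -d '" ' | grep -qxF -e "$2"
}

# authoritative_ns NAME: print the NS records of the closest enclosing zone
# that has any, walking up one label at a time (sub.example.com -> example.com).
authoritative_ns() {
    zone="$1"
    while :; do
        ns="$(dig +short NS "$zone" 2>/dev/null)"
        if [ -n "$ns" ]; then printf '%s\n' "$ns"; return 0; fi
        case "$zone" in
            *.*) zone="${zone#*.}" ;;
            *)   return 1 ;;
        esac
    done
}

# wait_for_propagation: query every authoritative server directly (bypassing
# any cache) until all of them answer with the validation token, or give up
# after PROPAGATION_TIMEOUT seconds (default 15 minutes).
wait_for_propagation() {
    name="_acme-challenge.${CERTBOT_DOMAIN}"
    deadline=$(( $(date +%s) + ${PROPAGATION_TIMEOUT:-900} ))
    servers="$(authoritative_ns "$CERTBOT_DOMAIN")" || { echo "no NS for $CERTBOT_DOMAIN" >&2; return 1; }
    while :; do
        all_ok=1
        for server in $servers; do
            txt_matches "$(dig +short TXT "$name" "@$server" 2>/dev/null)" "$CERTBOT_VALIDATION" \
                || { all_ok=0; break; }
        done
        [ "$all_ok" -eq 1 ] && { echo "$name visible on all authoritative servers"; return 0; }
        [ "$(date +%s)" -ge "$deadline" ] && { echo "timed out waiting for $name" >&2; return 1; }
        sleep 15
    done
}

# Run only when Certbot invoked us; sourcing the file just defines the functions.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    wait_for_propagation
fi
```

Wire it in with `certbot certonly --manual --preferred-challenges dns --manual-auth-hook /path/to/hook.sh -d example.com`, where `hook.sh` first publishes the record through your provider and then runs this script; Certbot only contacts Let's Encrypt for validation once the hook exits successfully.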