Hi @dalias! Sorry to hear you're having trouble. Earlier in the thread you linked, you can see a nice description of the risks with 6to4 addresses: Problems validating IPv6 against host running 6to4 - #5 by tialaramex.
I'm curious: presumably you have a public-facing IPv4 address in order to use 6to4. Why not use that address directly in an A record?
One way to make dns-01 work for you: You could use CNAME or NS records to delegate _acme-challenge.example.com
to a zone that can live-sign DNSSEC responses.