I've done some testing last night, it seems TXT records take between ~8 and ~45 minutes to show up for all 12 IP addresses of the DNS nameservers. I just set the delay to 60 minutes (and also set the DNS propagation time to 60 minutes) and I was just able to get a wildcard certificate from the staging server. I think I'll just skip on the SAN certificate (alinlung.top without a subdomain) because frankly, I don't use the naked domain anywhere. Thanks everyone for all the help.
I'm gonna give it a few hours for the TXT record TTL to expire and the caching to go away, and then I'll request the certificate again, from the normal (non-staging) server.
If anyone finds this on Google and has similar issues, here's the bash script I used. Just put your list of nameserver IPs at line 7, your domain at line 8 and the TXT value you're expecting at line 14. It's a bit clumsy and heavy-handed (haven't written bash in ages and it was written at 1am) but it gets the job done, and you can easily compare the starting and ending time to see how long it took.
#!/bin/bash
# Poll each listed nameserver every 10s until all of them return the expected _acme-challenge TXT record.
date
done=false
while [ "$done" = false ]; do
  ok=true
  for dnsServer in "YOUR_NAMESERVER_IP_1" "YOUR_NAMESERVER_IP_2"; do
    tmp=$(dig -t txt +short "_acme-challenge.YOURDOMAIN.YOURTLD" "@$dnsServer" | tr -d '"')  # "@" sends the query to that server, not the default resolver
    if [ -z "$tmp" ]; then
      ok=false
      echo "Failed at" "$dnsServer" "empty"
      break
    else
      if [ "$tmp" != "YOUR_TXT_KEY_VALUE" ]; then
        ok=false
        echo "Failed at" "$dnsServer" "nonempty" "$tmp"
        break
      fi
    fi
  done
  if [ "$ok" = true ]; then
    done=true
    echo "Finally done"
    date
    tput bel; sleep 0.2s; tput bel; sleep 0.2s; tput bel
    exit 0
  fi
  sleep 10s
done
date
tput bel; sleep 0.2s; tput bel; sleep 0.2s; tput bel
exit 1
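The same propagation check in a more general form, added here as an example and not the original poster's script: it discovers the zone's NS set and their addresses with dig instead of a hardcoded IP list, accepts a name that carries several TXT records (what you get when the wildcard and the bare domain are validated in one order), and gives up after a deadline. It assumes dig is installed; the zone, expected value and timeout are placeholders passed as arguments.

```shell
#!/bin/bash
# Added example: wait until every authoritative nameserver for a zone
# serves an expected _acme-challenge TXT value. Assumes "dig" is present.

# Return 0 if $2 is one of the TXT strings in $1, where $1 is the raw
# output of "dig +short TXT" (one quoted record per line; a long record
# may arrive as several quoted chunks on one line, which are joined).
txt_has_value() {
    printf '%s\n' "$1" | sed 's/" "//g; s/^"//; s/"$//' | grep -qxF -- "$2"
}

# Print every IPv4/IPv6 address of every NS for the zone, one per line.
zone_ns_addresses() {
    local ns
    for ns in $(dig +short NS "$1"); do
        dig +short A "$ns"
        dig +short AAAA "$ns"
    done
}

# Poll all NS addresses every 10s until each one answers with the
# expected value; return 0 on success, 1 once $3 seconds have passed.
wait_for_txt() {
    local zone="$1" expected="$2" deadline="$3" addr addrs raw failed start
    local name="_acme-challenge.$zone"
    start=$(date +%s)
    while :; do
        failed=0
        addrs=$(zone_ns_addresses "$zone")
        # no resolvable NS at all is a failure, not a vacuous success
        [ -z "$addrs" ] && failed=1
        for addr in $addrs; do
            raw=$(dig +short +time=3 +tries=1 TXT "$name" "@$addr")
            if ! txt_has_value "$raw" "$expected"; then
                echo "not yet on $addr: ${raw:-<empty>}" >&2
                failed=1
            fi
        done
        [ "$failed" -eq 0 ] && return 0
        [ $(( $(date +%s) - start )) -ge "$deadline" ] && return 1
        sleep 10
    done
}

# Usage with placeholder values (not run here):
# wait_for_txt YOURDOMAIN.YOURTLD YOUR_TXT_KEY_VALUE 3600 && echo "propagated"
```

Because the wildcard and the bare domain share the same _acme-challenge name, the check passes when the expected value is present among the returned records rather than requiring it to be the only one.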