On the contrary, I’m quite sure I don’t need a wildcard cert. It just happened to be the only workaround I found for that bug at the moment. Will debug that some more … 
Well, there was another quite recent Let’s Encrypt bug also recently (as you’ll see in the DA forum). Will definitively check logs and retry, yes. (Currently waiting for some DNS propagation for some other domains I’ll test this on.) 
Hopefully will figure out why it ain’t soon enough. 
Still considering ClouDNS vs. Cloudflare vs. my registrar’s self developed solution.
Honestly, ClouDNS’s anycast is a complete shitstorm, so don’t bother paying for that.
It seems they don’t actually have any clue about how to operate one, and it turns out buying servers at random locations doesn’t magically make it work.
Try a top notch DNS provider for free… generous offer
I noticed that one, but seems I have to complete some ipv6 something to test it/sign up.
I must admit I never looked in anycast DNS, no idea if/why I want it or not … 
My registrar’s DNS solution seems to automate DNSSEC stuff. That might be nice …
Interesting, thanks! Wondering about the free plan limit of “50 Records”, though. Is that per zone, or total? (Zones migrated from old cPanel accounts often has 30-40 records, of which most are not needed anymore.) 
You can simply signup and use the DNS portion 
I just use Cloudflare. It works awesomely well. Granted it can also break. But what cant? I know something but its NSFW but even that… Shh
Looks like I need to sign up for tunnelbroker or something:
The Open Beta has been expanded and now includes our IPv6 certification or tunnelbroker account holders, Colocation customers and those with Transit services from us.
Free service. Use or not it is your call
Will give it a try. What’s the main benefits/pros in your opinion? 
I happen to find it a Ted bit faster than others. Simple and easy. Nothing fancy like cloudflare of course but Hurricane Electeic is a major player in the industry.
This error, BTW, was … wait for it … … DNS … I know, it’s always DNS …
(Don’t you hate it when you can’t flush cache at some server just beyond your reach?)
I like it. 
My registrar’s DNS panel sets up DNSSEC easily, though … 
Do they still do that thing where their servers stop returning queries for your domain if they don’t detect your nameservers as being pointed to them? It causes an outage when switching NS if your visitors get the update before their servers do, which was the case for me the last time I used them (and why it was the last time).
Sadly yes.
I could use them as secondary/slaves … 
May I ask why?
We should take this discusion elsewhere as it’s clearly offtopic, however I shall answer here.
One of the few requirements for having a good anycast is making sure people are routed to the nearest node, not to the other side of the world.
Looking at their routing strategy, it’s clear why that’s not the case.
https://bgp.he.net/AS203391#_graph4
True, even as the OP (original poster acronym, iirc), I didn’t notice/reflect on this, as I found the discussion quite interesting.