Hi @rgould,
You should not use a validation method that requires an inbound connection in this case, because the validation IP addresses may change frequently in order to be deliberately unpredictable. Please see
The validation method that doesn't require an inbound connection to your server is the DNS-01 method, which requires you to create a specified DNS TXT record in your domain's DNS zone.