Certbot renew doesn't work :(

Now, yes; your plan is clear to me and it "makes sense".
But, sadly, in practice that plan should fail.
Why?
Because it's a catch-22: You can't do an HTTP redirection around an HTTP geoblocking problem.
[you will never get the geoblocked HTTP request - if you could, then why would you need to redirect it elsewhere?]

If you can't change the geoblocking...
Then your only other choice is to use DNS-01 authentication.
