Certificate renewal failing with HTTP 200

One, yes. That's from the primary validation authority.

There are 3 other secondary VAs that send requests. Please review this: ACME v1/v2: Validating challenges from multiple network vantage points

2 out of 3 of the secondary VAs must succeed to get a response as well. Currently, they are all hosted in different AWS regions - so if you are blocking, or have any network issues receiving traffic from AWS, issuance will fail.

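One way to check the reply above against your own web server logs, as an added example that is not part of the original thread: count how many distinct source addresses fetched each HTTP-01 challenge token successfully. It assumes combined-format access logs; the sample lines, tokens and addresses (documentation ranges) are constructed.

```python
import re
from collections import defaultdict

# Combined-log-format request for an HTTP-01 challenge file (assumed log format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"GET /\.well-known/acme-challenge/(?P<token>[A-Za-z0-9_-]+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) '
)

EXPECTED = 4  # 1 primary + 3 secondary validation authorities, per the post
MINIMUM = 3   # primary + 2 of the 3 secondaries must succeed

def summarize(lines):
    """Map each challenge token to the set of client IPs that were served a 200."""
    ok = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ips = ok[m["token"]]          # register the token even if never served
        if m["status"] == "200":
            ips.add(m["ip"])
    return dict(ok)

def diagnose(lines):
    """Return {token: (distinct_ok_sources, verdict)}.

    Logs cannot tell the primary from a secondary, so this only counts sources.
    """
    report = {}
    for token, ips in summarize(lines).items():
        n = len(ips)
        verdict = "complete" if n >= EXPECTED else "partial" if n >= MINIMUM else "blocked"
        report[token] = (n, verdict)
    return report

def _line(ip, token, status):
    # Constructed sample line, not real traffic.
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] '
            f'"GET /.well-known/acme-challenge/{token} HTTP/1.1" {status} 87 "-" "-"')

SAMPLE = (
    [_line("192.0.2.10", "tokenAAA", 200), _line("198.51.100.7", "tokenAAA", 403)]
    + [_line(ip, "tokenBBB", 200)
       for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.99")]
)

if __name__ == "__main__":
    for token, (n, verdict) in diagnose(SAMPLE).items():
        print(f"{token}: {n}/{EXPECTED} sources served -> {verdict}")
```

A token reported as "blocked" with a single source matches the situation in this thread: requests from the other vantage points either never reached the server or were refused, so firewall, WAF and geo-blocking rules covering AWS address space are the place to look.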