Let’s Encrypt certificates only certify a domain name, and don’t mention an IP address, regardless of whether that domain name is pointed at 0, 1, or 10000 physical hosts or IP addresses. In the current web PKI, the same certificate, once issued, can be deployed on any IP address as long as the browser believes that it accessed that IP address as a result of trying to connect to a specified hostname that matches the certificate content. So the browser doesn’t care if example.com resolved to 220.127.116.11 or 18.104.22.168 as long as the certificate it got back includes “example.com” as a subject name.
Therefore, you don’t have to worry about this aspect if you’re using the DNS validation challenge, assuming that your DNS zone is globally consistent with regard to extra stuff that you add to it. That is, when you add the extra validation record, that particular record does have to be visible from anywhere for the validation process to complete.
Edit: some CAs are willing to issue a certificate for an IP address, but this is still only checked “permissively” (or we could say “disjunctively”) if the browser is trying to access the site by IP address, so it says “it’s OK if you think the site was called this”, not “the site is required to be served from this IP address, and only this IP address”.