It sounds like you're trying to work around some sort of problem, but it's not clear to me what problem that is. Usually, you can have your client integrate with your web server on port 80, or the web server running on that port has an ACME client built in, or something like that. Usually all that needs to happen on port 80 is handling ACME challenges and redirecting all other requests to https, so it can even be a different piece of software than that which runs the "main" site on 443.
If you're in some unusual situation where you can't put some sort of ACME-aware reverse proxy or the like on port 80, you might want to look at some experimentation from a couple years ago which configured Linux to intercept requests for the HTTP challenge in order to reply to them without interfering with normal web serving. I don't know if it's mature enough for "production" yet, but it was an interesting idea.
In terms of can you "manually collect these IP addresses", you'll basically be collecting every external IP used by VMs hosted in AWS, and potentially other clouds eventually too. Let's Encrypt needs to check from multiple places around the world in order to make sure that you control the domain name as seen from around the world, so they regularly spin up VMs in various regions to do validations.