Hi @fabius,
As @rg305 said (and linked to), we don’t publish our validation IP addresses because we intend to change them over time, and in fact we have an upcoming launch planned where we will validate from multiple points of view (in multiple parts of the world) simultaneously. I recommend you simply allow access to your HTTP port from the whole world. Millions of web servers do this. You just need to keep up with your software updates.
If you try to firewall validation access to allow only certain IP addresses, it’s likely that future renewals will fail.