There have been a few discussions around white-listing outbound IPs for the LetsEncrypt API.
As many have mentioned, the use of Akamai and the “Cloud Service” model means that fixed IPs are not guaranteed.
An article about this can be found here:
The question that comes to my mind: what is the feasibility, how many IPs should we list, and what impacts the change of IPs?
To this end I set up a little experiment where I resolved acme-v01.api.letsencrypt.org every 15 minutes using 14 different resolvers.
The code I wrote essentially resolves the IP of acme-v01.api.letsencrypt.org, tries to connect over port 443 and establish a TLS handshake. If these succeed then a connection is said to be successful.
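
Added example, not the original poster's code: a sketch of the measurement described above, with a resolve step, a connect-plus-TLS-handshake probe, and a summary of how large an outbound allow-list the observations would require. It assumes the system resolver rather than 14 separate ones, and the sample observations, resolver names and IP addresses are constructed.

```python
import socket
import ssl
from collections import defaultdict

HOST = "acme-v01.api.letsencrypt.org"  # hostname named in the post

def resolve(host=HOST):
    """IPv4 addresses from the system resolver only (assumption: the post's
    14 separate resolvers would each need a DNS library to query directly)."""
    infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(ip, host=HOST, timeout=5.0):
    """True if TCP connect to ip:443 and a verified TLS handshake both succeed."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((ip, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # covers timeouts, refusals and ssl.SSLError
        return False

def summarize(samples):
    """samples: (minute, resolver, ip, handshake_ok) tuples from repeated rounds."""
    seen, failed, new_ip_at = set(), set(), []
    per_resolver = defaultdict(set)
    for minute, resolver, ip, ok in sorted(samples):
        per_resolver[resolver].add(ip)
        if ip not in seen:  # first sighting: the allow-list would have to grow
            seen.add(ip)
            new_ip_at.append((minute, ip))
        if not ok:
            failed.add(ip)
    return {"allow_list": sorted(seen), "new_ip_at": new_ip_at,
            "per_resolver": dict(per_resolver), "failed": sorted(failed)}

# Constructed sample data (documentation address ranges, made-up resolver names).
SAMPLES = [
    (0, "resolver-a", "192.0.2.10", True),
    (0, "resolver-b", "192.0.2.11", True),
    (15, "resolver-a", "192.0.2.10", True),
    (15, "resolver-b", "198.51.100.7", False),
    (30, "resolver-a", "192.0.2.11", True),
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
    print({ip: probe(ip) for ip in resolve()})  # one live round
```

The `new_ip_at` list shows when each previously unseen address first appeared, which is the point at which a static allow-list would have started blocking traffic.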