What IP addresses does Let’s Encrypt use to validate my web server?
We don’t publish a list of IP addresses we use to validate, because they may change at any time. In the future we may validate from multiple IP addresses at once.
For validation of publicly inaccessible servers, the DNS challenge is the only choice.
For outgoing connections, that IP address also regularly changes due to the CDN they use (Akamai), so you would not be able to pin it in your firewall.
Perhaps you can put the machine that coordinates the certificate issuance and renewal into the network DMZ?