Outbound traffic - stability of IP address of acme-v01.api.letsencrypt.org

The IP address is not static, no. Let’s Encrypt uses Akamai’s CDN network, and while I’m not familiar with the specifics on how that CDN works, they commonly don’t have static IPs. Often, they provide different IP addresses depending on your location (or the location of your DNS server), the best/shortest route to the destination, saturation of these routes, any outages, etc. It might be possible to limit the IP addresses to a couple of ranges if you’re doing this all from one location, but that’d have to be a trial-and-error approach; there’s no published list or any guarantee that things won’t change.

A better approach for this kind of thing might be an HTTP(S) proxy. You should be able to do this with the HTTP_PROXY (or HTTPS_PROXY) environment variable. As far as I’m aware, certbot makes use of this environment variable if it has been set.

2 Likes
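Added example, not part of the original post: with a forward proxy, the egress rule can key on the hostname in each `CONNECT` request instead of on CDN IP addresses. The sketch below shows that check; the function names, the `ALLOWED` set and the sample request lines are constructed for illustration and are not taken from any particular proxy product.

```python
# Hostname-based egress policy for a forward proxy (illustrative sketch).
# ALLOWED is an assumption: the API hostname from the thread title, HTTPS only.
ALLOWED = {("acme-v01.api.letsencrypt.org", 443)}


def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', or None if malformed."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        return None
    # Hostnames are case-insensitive and a trailing dot names the same host.
    return host.lower().rstrip("."), int(port)


def connect_allowed(request_line, allowed=ALLOWED):
    """Allow only exact (hostname, port) matches; IP literals never match."""
    target = parse_connect(request_line)
    return target is not None and target in allowed


def evaluate(lines):
    """Map each request line to 'allow' or 'deny'."""
    return ["allow" if connect_allowed(line) else "deny" for line in lines]


# Constructed sample request lines (not captured traffic).
SAMPLE = [
    "CONNECT acme-v01.api.letsencrypt.org:443 HTTP/1.1",          # intended use
    "CONNECT ACME-V01.API.LETSENCRYPT.ORG.:443 HTTP/1.1",         # same name, other spelling
    "CONNECT acme-v01.api.letsencrypt.org:80 HTTP/1.1",           # wrong port
    "CONNECT acme-v01.api.letsencrypt.org.example.test:443 HTTP/1.1",  # suffix lookalike
    "CONNECT 192.0.2.10:443 HTTP/1.1",                            # IP literal bypasses naming
    "GET http://acme-v01.api.letsencrypt.org/ HTTP/1.1",          # not a CONNECT
]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE, evaluate(SAMPLE)):
        print(f"{verdict:5}  {line}")
```

The firewall then only needs to permit the certbot host to reach the proxy, and the proxy resolves the API hostname itself on each connection.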