Your cron should run certbot renew
twice a day, at ideally a random time (or at least not the top of an hour). It checks to see which of the certificates that it's managing needs to be renewed, and only renews them if needed. (If there's some problem on Let's Encrypt's side with a certificate they issued, it may need to be renewed sooner, and if sometimes you hit a sporadic failure while trying to renew, then it can just try again the next day.) See their recommended script in the certbot manual which is just basically a fancy way to try to pick a random time during the day, and then 12 hours offset from that, every day.
According to this post, which I probably also should have linked, currently validation attempts happen from the US, Sweden, and Singapore. But the exact countries can and will change over time, as they work to verify that you actually control the name as seen from global perspectives.