Specify source country for http-01 challenge

This is a great tip. You can also do this with a CNAME in some cases, right?

Can we maybe make a new page for in Documentation - Let's Encrypt for some form of "I can't allow incoming connections from the whole world"? Maybe especially with the recent changes, some form of this seems to be a pretty frequently-asked question. I'll make a little draft.

Edit: Here's a very basic draft on this issue.