Stuck due to recent changes -- using a Firewall and DNS-01 not possible

Hi @treedee,

This has been discussed at considerable length in previous forum threads. Let's Encrypt's position is clear: validation attempts may come from any IP address, including those that have not previously been disclosed; validation IP addresses may change at any time. Let's Encrypt's policy is that someone who does not want to allow inbound connections for validation purposes from an IP address should use the DNS-01 method instead. More and more hosting providers and server software are now automating these processes. If yours doesn't, you have the option to change hosting environments, assume more responsibility for completing the process yourself, or get a certificate from a different CA.

You can of course figure out some of the IP addresses in use now by simply trying to get a certificate and noticing where the requests come from, but Let's Encrypt will not guarantee that those are the only addresses that are used to perform validations and will not notify you when other addresses come into use. So your renewals are likely to break at some point in this case.

That would be great—please do! The most responsible way to pursue this would be to get a domain registrant's permission to try to get a certificate for a domain, without giving you any technical control of any of the associated accounts or infrastructure. Alternatively, you could register your own domain and set it up in a realistic configuration and then try to obtain a certificate for it without using your control over any of the associated accounts or infrastructure.

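As an added illustration (not part of the post above, and not Let's Encrypt's or any ACME client's own code), the following Python shows why DNS-01 needs no inbound connection at all: the client only has to publish a TXT record whose value is derived from the challenge token and the account key's JWK thumbprint (RFC 8555 section 8.4, RFC 7638), and the CA checks it by querying DNS. The account key, token and account URL below are constructed placeholders, not real values.

```python
# Added example: deriving a DNS-01 challenge response (RFC 8555 s.8.4, RFC 7638).
# The account key, token and account URL are CONSTRUCTED placeholders.
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME and JOSE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def canonical_jwk(jwk: dict) -> str:
    """RFC 7638 canonical form: required members only, lexicographic key order,
    no whitespace. Optional members such as 'kid' or 'alg' are dropped, so they
    can never change the thumbprint."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = required[jwk["kty"]]
    return json.dumps({k: jwk[k] for k in members}, separators=(",", ":"), sort_keys=True)


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 of the canonical JWK, base64url encoded (43 characters)."""
    return b64url(hashlib.sha256(canonical_jwk(jwk).encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """token '.' thumbprint; the same string underlies HTTP-01 and DNS-01."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_record(identifier: str, token: str, jwk: dict) -> tuple[str, str]:
    """Return (TXT owner name, TXT value) to publish for DNS-01.
    DNS-01 hashes the key authorization again; the raw string is never published.
    A wildcard '*.example.com' is validated at _acme-challenge.example.com."""
    base = identifier.removeprefix("*.").rstrip(".")
    name = f"_acme-challenge.{base}."
    value = b64url(hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest())
    return name, value


def http01_resource(token: str, jwk: dict) -> tuple[str, str]:
    """For contrast: HTTP-01 serves the raw key authorization at this path over
    port 80, which is why it needs inbound connections from the CA's validators."""
    return f"/.well-known/acme-challenge/{token}", key_authorization(token, jwk)


def ca_would_accept(published_txt_values: list[str], expected_value: str) -> bool:
    """Mirror of the CA-side check: the expected value must be among the TXT
    records found at the challenge name; unrelated extra records are tolerated."""
    return expected_value in published_txt_values


# Constructed sample inputs: not a real account key, token or account URL.
SAMPLE_JWK = {
    "kty": "RSA",
    "n": "sXch3D2n3Et4ZI1U6tDtaRgYc4EXAMPLEONLYnotAReal_modulus_value",
    "e": "AQAB",
    "kid": "https://acme.example/acct/0",  # optional member, ignored by the thumbprint
}
SAMPLE_TOKEN = "constructedTokenFromTheChallengeObject_notReal"

if __name__ == "__main__":
    name, value = dns01_record("*.example.com", SAMPLE_TOKEN, SAMPLE_JWK)
    print(f'{name} IN TXT "{value}"')
    path, body = http01_resource(SAMPLE_TOKEN, SAMPLE_JWK)
    print(f"HTTP-01 would instead need {path} to serve {body}")
```

Before asking the CA to validate, a client should query its own authoritative servers (e.g. with dig) and confirm the record is present, exactly as `ca_would_accept` does; the most common failure is publishing the raw key authorization instead of its hash. Note that DNS-01 only moves the inbound traffic: the CA's resolvers still query the authoritative name servers from addresses that are not published in advance, so those servers must answer the public Internet, which is normally the case for hosted DNS.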