Unless you're behind a NAT, of course.
I'm like 90% sure that the Let's Encrypt VAs are still behind NAT, because even as recently as this month I've had to help a customer to disable tcp_tw_recycle to prevent Let's Encrypt validation timeouts. (cPanel support enabled it on their server for some reason 
).