Then it should be no problem to choose any other CA whose verification process doesn’t need to be weakened in order to use it. It’s not like Let’s Encrypt suddenly made all other CAs disappear.
As soon as LE supports DNS verification, maybe that’s a thing that helps here, although I can see it already: “What if I run my DNS on some other port than 53?”
If your infrastructure is so crippled you can’t even host on port 80, maybe even more band-aids and kludges aren’t the solution. I certainly wouldn’t support it. It just takes stress away from these fascist ISPs.
Edit: And no, specifically blocking 80 or 443 is certainly not normal. If you pretend it is and simply put up with it without resistance, you’re part of the problem.