If you can't leave port 80 open, then you should probably just switch to DNS authentication.
There are plenty of threads/topics here that cover how LE is now using multiple validation points and those IPs are NOT set in stone - they can, and will, change without notice.
6 Likes