See this advice:
Since Spamhaus chooses to continually re-list the validation servers, it's up to you to either stop using the blacklists, whitelist the URL, or choose a validation method (e.g. DNS-01) that avoids them.
Even if they requested to be unlisted (again), what's the point? The ACME protocol by definition requires an "open redirector" to be run by the CA. I could setup a 302 redirect from my domain to http://{spamhaus-honeypot}/{exploit_url} and get them re-listed within hours.
The problem requires a different solution.