Whitelist hostnames for certbot validation?

Let’s Encrypt’s policy is that you should allow all IPs to access the validation paths on your website instead of blocking or allowing individual IPs.

The alternative is to use DNS validation (while allowing all IPs to access your DNS servers…).

They recently enabled multiple perspective validation, which is why you’re seeing requests from new IPs now, but it’s possible for them to change at any time.
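One way to apply the advice above while keeping an IP restriction on the rest of the site, as an added example that is not part of the original post. It assumes nginx with HTTP-01 webroot validation; the hostname `example.com`, the webroot `/var/www/letsencrypt`, the backend address and the range `203.0.113.0/24` are constructed placeholders.

```nginx
server {
    listen 80;
    server_name example.com;            # placeholder hostname (assumption)

    # Site-wide restriction: only the constructed admin range may connect.
    allow 203.0.113.0/24;
    deny  all;

    # HTTP-01 validation path. Defining an allow rule at this level replaces
    # the inherited server-level allow/deny rules, so every source address
    # can fetch challenge files, whichever IPs the validation comes from.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /var/www/letsencrypt;      # placeholder webroot (assumption)
        default_type text/plain;
        try_files $uri =404;            # serve only files that exist, no listing
    }

    # Everything else inherits the server-level restriction.
    location / {
        proxy_pass http://127.0.0.1:8080;   # placeholder backend (assumption)
    }
}
```

The `^~` prefix match keeps a regex location elsewhere in the configuration from capturing the challenge path and reapplying a restriction to it.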