[bburky]

> The LE HTTP challenge gives no guarantee which A record it will use.

That almost changed[0], but the current consensus[1] seems to be that you should be using dns-01 for validation behind a load balancer instead.

[0] https://github.com/ietf-wg-acme/acme/pull/138

[1] https://mailarchive.ietf.org/arch/msg/acme/6RSxtvpkcQNPmKs9f...