Only with certificate pinning or something similar. Otherwise, the attacker can get valid TLS certificates for any domain hosted on the hijacked IP addresses.

For LetsEncrypt, routing is authentication: if packets routed to the IP in the A record end up at your place, you can get a cert for that domain.

DNSSEC and DNS-01 challenges might do the trick at the cost of significant effort, provided LE could be directed to check, similar to the way MTA-STS works.

Let’s Encrypt has been doing DNSSEC validation for years. DNSSEC could have prevented the jabber.ru MITM attack.

Those two things address orthogonal issues