Let's Encrypt made a recent change that I think they are reversing. But, the reason for the failure is you are using the flag value of 128 which means critical. You have this set for iodef but Let's Encrypt does not support iodef.
For now, setting the flag to 0 for iodef should allow cert issuance.
https://unboundtest.com/m/CAA/siren.io/DIEWR5A7
EDIT: Below is post with more detail