Also see this by @jvehent [on the GitHub issue] (Review all cryptographic algorithm and parameter defaults · Issue #555 · certbot/certbot · GitHub):
While the performance difference is probably not the highest concern,
there has been some research that suggest that attacks on AES256 are
easier to achieve than on the 128 variant. The reasoning is that most
attack on AES do not directly target the rounds or the key length, but
focus more on side channels like timing attacks. If AES 128 is more
resistant to those than 256, then 128 should be preferred. This thread
has more information: Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers
I'm happy to explain more about the reasoning behind each level if
you'd like. We spend a lot of time making sure the levels are current
and support the security and compatibility needs of old, intermediate
and modern web applications.