This might be an internal error that there’s nothing you could do about, or there could be a real CAA problem with one of your domains, but a bug in the new CAA rechecking routine is masking the real error.
Please note CAA records are always checked, and have nothing to do with whether or not you use HTTP or DNS verification.
Can you share one of the domains that is failing? It would make it much easier for a Let’s Encrypt engineer to look into this from their side.
Are all of your domains failing in this way? Do they all use the same DNS servers?