Section 7.4 of draft-09 specifically says:
The server MUST return an error if it cannot fulfill the request as
specified, and MUST NOT issue a certificate with contents other than
those requested. If the server requires the request to be modified
in a certain way, it should indicate the required changes using an
appropriate error type and description.
The validity period of Let's Encrypt certificates are not end-user configurable. If we receive a newOrder request with a notbefore and notafter we can not fulfill the request as specified and so we return an error.
The solution is to not submit the notbefore/notafter.
Hope that helps,