Problems with DNS TXT requests

Welcome @gdsm1

But your problem is not exactly the same as @tootai's, whose lookups fail even with unbound 1.16.

I have asked a mod to split your post to a different thread.

You are affected by an upgrade to the unbound system that Let's Encrypt uses to verify domains. If you use https://unboundtest.com and check your TXT record with 1.16 it will work. But, 1.18 and 1.19 fail. There was some sort of change regarding packet sizes with udp / tcp and the DNS query. I don't understand all the implications.

It seems that now up to around 20 TXT records would work. See

And, while it is reasonable to expect 100 TXT records to work given the 100 SAN limit, you could have 100 SANs all using HTTP challenges, so no TXT lookup at all.
I understand why you would think 100 TXT records would be the limit. But I don't know that LE ever said how many were allowed. You wouldn't need any TXT records for a 100 SAN cert that used the HTTP challenge. The size concerns are affected by different underlying technologies.

The earlier failures were service providers combining multiple customer names on one cert (sometimes using CNAME from customer domain). If this is your case too you may need a more granular partition scheme depending on LE response.

==================================================

For future viewers, below was from prior thread which provides more info about the TXT and SAN limits described above.
From here: Challenge Types - Let's Encrypt

You can have multiple TXT records in place for the same name. For instance, this might happen if you are validating a challenge for a wildcard and a non-wildcard certificate at the same time. However, you should make sure to clean up old TXT records, because if the response size gets too big Let’s Encrypt will start rejecting it.

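As an added example (not from this thread or from Let's Encrypt), a small Python script that builds a DNS TXT response for `_acme-challenge.<domain>` in wire format and reports how many ACME challenge records fit under common UDP size limits. It assumes 43-character record values (the length of a dns-01 key-authorization digest) and a 1232-byte EDNS buffer, the widely recommended size since DNS flag day 2020; the exact behaviour of the unbound versions discussed above is not modelled.

```python
# Added example: estimate DNS TXT response size for N ACME dns-01 records.
# Assumptions (not from the thread): 43-char token per record, EDNS buffer 1232.
import struct

CLASSIC_UDP_LIMIT = 512   # RFC 1035 UDP payload limit without EDNS
EDNS_BUFFER_1232 = 1232   # recommended EDNS UDP buffer size (DNS flag day 2020)
TYPE_TXT, TYPE_OPT, CLASS_IN = 16, 41, 1


def encode_name(name: str) -> bytes:
    """Wire-format a DNS name: length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_txt_response(name: str, tokens: list, edns: bool = True) -> bytes:
    """Build a minimal DNS response: header, question, one TXT RR per token."""
    # ID, flags (QR=1, RD=1, RA=1), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(tokens), 0, 1 if edns else 0)
    question = encode_name(name) + struct.pack("!HH", TYPE_TXT, CLASS_IN)
    answers = b""
    for tok in tokens:
        rdata = bytes([len(tok)]) + tok.encode()   # TXT rdata: one <character-string>
        # 0xC00C is a compression pointer to the owner name at offset 12 (the question)
        answers += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_IN, 300, len(rdata)) + rdata
    # OPT pseudo-RR: root name, TYPE=41, CLASS=advertised UDP size, TTL=0, RDLENGTH=0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, EDNS_BUFFER_1232, 0, 0) if edns else b""
    return header + question + answers + opt


def response_size(domain: str, n_records: int, token_len: int = 43, edns: bool = True) -> int:
    """Size in bytes of a TXT response carrying n_records constructed placeholder tokens."""
    tokens = [f"{i:0{token_len}d}" for i in range(n_records)]   # constructed sample values
    return len(build_txt_response(f"_acme-challenge.{domain}", tokens, edns))


def max_records_under(domain: str, limit: int = EDNS_BUFFER_1232) -> int:
    """Largest record count whose response still fits in a UDP payload of `limit` bytes."""
    n = 0
    while response_size(domain, n + 1) <= limit:
        n += 1
    return n


if __name__ == "__main__":
    for n in (1, 10, 20, 21, 22):
        print(n, "records ->", response_size("example.com", n), "bytes")
    print("max under 1232:", max_records_under("example.com"))
```

Each additional record adds 56 bytes (a 2-byte name pointer, 10 bytes of RR fields and 44 bytes of rdata), so the answer grows linearly and the run shows where it crosses 1232 bytes for this name; a longer domain or longer owner name shifts the threshold down.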