Renewal failures - "CAA prevents issuance" with unchanged CAA

Yep, @Nummer378 found it. This is because you have the "critical" flag set on your iodef records.

The CAA RFC actually has two different pieces of language regarding the same behavior.

Section 3 just uses the phrase "unknown":

Issuers MUST NOT issue certificates for a domain if the relevant CAA Resource Record set contains unknown property tags that have the Critical bit set.

However Section 5.1 says both "unknown or unsupported":

A Certification Authority MUST NOT issue certificates for any Domain that contains a CAA critical property for an unknown or unsupported property tag that for which the issuer critical flag is set.

Let's Encrypt "knows about" but does not "support" the iodef property tag. Previously, our behavior matched the Section 3 language. Currently, our behavior matches the Section 5.1 language.

However, changing this behavior was not intentional, and even if it were intentional should have been accompanied by an API announcement and a turndown period.

Apologies for the breakage. I'm putting together a change to move us back to the Section 3 way of doing things, and you should be able to get issuance after the deploy next week.

That said, I strongly advise removing the "critical" bit from your iodef property tags, since that tag is not widely supported.

Edit: change is here: CAA: Don't fail on critical iodef property tags by aarongable · Pull Request #6921 · letsencrypt/boulder · GitHub

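The two readings of the RFC described in the post, as an added example that is not Boulder's code or the author's: a small CAA evaluator where the Section 3 reading blocks issuance only on unknown critical tags, while the Section 5.1 reading also blocks on known-but-unsupported ones. The tag sets (iodef known but not supported) and the sample RRset are assumptions modelled on the thread.

```python
from dataclasses import dataclass

# Issuer-critical flag: bit 7 of the CAA flags byte (RFC 6844 section 5.1).
CRITICAL = 0x80

# Assumption mirroring the post: iodef is "known" to the CA but not
# "supported", i.e. the CA does not act on it.
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
SUPPORTED_TAGS = {"issue", "issuewild"}

@dataclass(frozen=True)
class CAARecord:
    flags: int
    tag: str
    value: str

def caa_permits(records, ca_id, wildcard=False, strict=False):
    """Decide whether ca_id may issue for the name owning this CAA RRset.
    strict=False: Section 3 reading, only unknown critical tags block.
    strict=True:  Section 5.1 reading, unknown or unsupported critical tags block.
    Returns (permitted, reason).
    """
    recs = [CAARecord(r.flags, r.tag.lower(), r.value) for r in records]  # tags are case-insensitive
    acceptable = SUPPORTED_TAGS if strict else KNOWN_TAGS
    for r in recs:
        if r.flags & CRITICAL and r.tag not in acceptable:
            kind = "unsupported" if r.tag in KNOWN_TAGS else "unknown"
            return False, f"critical flag set on {kind} tag '{r.tag}'"
    issue = [r.value for r in recs if r.tag == "issue"]
    issuewild = [r.value for r in recs if r.tag == "issuewild"]
    # issuewild governs wildcard names when present; otherwise issue applies to both.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True, "no issue/issuewild property: any CA may issue"
    # Value is "<ca-domain>[; param=value ...]"; a bare ";" authorises no CA at all.
    allowed = {v.split(";", 1)[0].strip().lower() for v in relevant}
    if ca_id.lower() in allowed:
        return True, f"{ca_id} is authorised"
    return False, f"{ca_id} is not among {sorted(a for a in allowed if a) or ['(none)']}"

# Constructed sample RRset for the situation in the thread: an iodef record
# carrying the critical flag next to an issue record that authorises the CA.
SAMPLE = [
    CAARecord(0, "issue", "letsencrypt.org"),
    CAARecord(CRITICAL, "iodef", "mailto:security@example.com"),
]
```

Running `caa_permits(SAMPLE, "letsencrypt.org", strict=s)` for both values of `s` shows the same RRset passing under the Section 3 reading and failing under the Section 5.1 reading; dropping the critical bit from the iodef record makes both readings agree.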