There was a post last month with a nebulous "soon" but with other priorities happening first. With no firm date yet, and with them working on the new IdenTrust cert chain stuff now, I'm guessing there's still a good amount of waiting left to go.
There is a "workaround" of sorts suggested in that thread, where (assuming you can automate the DNS updates easily) you set your CAA to not allow any issuance except for the times you're running your "authorized" renewal process during which you set it to allow Let's Encrypt. That's probably the best you can do in the meantime.