Hmm, yeah, so Caddy should only continue with the DNS challenge once it has performed its own authoritative lookup to verify that the record is visible – but this is only a guess, and it’s ultimately up to the ACME server to decide whether it sees it from its vantage point. In those logs, the ACME server is responding that it can’t find the TXT record required to validate the domain.
I’m not sure how it’s possible for Caddy to see it and for Let’s Encrypt to not see it as in this case, but maybe something else funky is going on. (Make sure you test with the staging endpoint, not production.)