Nope! For various reasons, including that the IdenTrust cross-signature has a path length constraint that doesn't allow any longer chains for this path. Also, Let's Encrypt doesn't want to be responsible for supervising the correctness of your CA's operations.

In theory this could be practical if you look at name-constrained delegations but it seems to me that there are a lot of practical problems with making this widespread. If you happen to be interested in discussing them in more detail, come over to https://community.letsencrypt.org/ and create a new "Issuance Policy" thread and we can get into it in more depth. But the short answer to your question is simply no—Let's Encrypt doesn't offer this service, isn't currently permitted to offer this service, and isn't interested in offering this service.

This kind of service would be extremely valuable for some use-cases. But I could see a hard to solve issue here. Imagine that private key for domain1.com leaked and ordinary person (not owner) wants to revoke corresponding certificate. It's enough to tell CA who issued that certificate and it'll revoke it. Now imagine that private key for sub1.domain2.com leaked. It's signed by domain2.com operator who's just small business or some hobbyist guy and does not even read his mail. Should letsencrypt be responsible for revoking those certificates? What if there are 4 billion of those certificates (e.g. 1.1.1.1.domain2.com, 1.1.1.2.domain2.com and so on)? Should letsencrypt reach domain2.com owner and ask him to revoke? Now it's human labour and can't be automated. Should letsencrypt just revoke domain2.com CA if any of his subdomains were compromised? That's not good either. Should we allow domain2.com owner to issue valid certificates for his subdomains without following proper security practice (like not distributing private keys in his devices)? Not a good idea too.