I was able to find thousands of open authz due to stale certificates from previous certbot client.
I confirmed that I can uninstall certbot without harm to acme.sh here: Using acme.sh; should I remove certbot
I then used the LE_FIND_PENDING_AUTHZ.py script that could help me remove the pending authorizations: Too many requests of a given type - how do you reset this?
It seems the script has gone stale (this pending auth 429 problem isn't seen much since 2017) so I made some quick fixes and put it here: GitHub - claytonrothschild/LE_FIND_PENDING_AUTHZ: Use Certbot Logs as a way of finding pending autz</t
It is now rolling through removing the pending authorizations. Feels great!
One final thought: If it wasn't for @rg305's observation of multiple clients in my original post this would not have been solved so easily at all. I wonder if it would be useful in the Help Template to ask if the user has or has had more than one client installed. I just put two clients down by happenstance, and truthfully I thought acme.sh was just a wrapper for certbot. So I got lucky.
Thanks all.