I’m reading the integration guide, and there is a lot of concern over when to renew certificates to prevent traffic spikes. To make this more efficient, I suggest that there should be a Let’s Encrypt API that will return the suggested renewal date/time for a certificate.
For each renewal and certificate issuance (and possibly a dedicated endpoint), Let’s Encrypt would return a Unix timestamp for when the client should schedule the next renewal request. LE would evaluate current/predicted traffic patterns and would pick a good future time to renew (approx. 60 days).
To prevent Let’s Encrypt from doing unnecessary computation, they could reuse the existing timestamps for a certain number of certificates (e.g. every 1k certs, recompute the suggested renewal date).
As an example, client programs could store this suggested renewal time locally. Then cron jobs could hit the client program periodically (every minute or so) and it would conditionally renew the certificate, possibly delaying until the exact time occurred. More advanced clients (hosting providers with lots of certificates) would store this time in a database.
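As an added example (not code from the post, from Let’s Encrypt, or from any existing client), here is a minimal Python sketch of the cron-driven client described above. It assumes a hypothetical `fetch_suggestion()` callable that returns the server’s suggested Unix timestamp and a hypothetical `renew()` callable that returns the new certificate’s validity window plus the next suggestion; no such endpoint exists. The suggestion is remote input, so the example clamps it to the certificate’s own validity with a safety margin and falls back to a fixed fraction of the lifetime when it is missing or malformed, and it also renews when the state file is stale for the certificate actually installed.

```python
"""Client-side scheduler for a server-suggested renewal time.

Added example for the post above. `fetch_suggestion` and `renew` are
hypothetical callables standing in for an ACME endpoint that does not exist.
"""
import json
import os
from dataclasses import dataclass
from typing import Callable, Tuple

DAY = 86400
SAFETY_MARGIN = 7 * DAY          # never schedule closer than this to expiry
FALLBACK_NUM, FALLBACK_DEN = 2, 3  # fallback: renew at 2/3 of the lifetime


@dataclass(frozen=True)
class Cert:
    not_before: int  # Unix timestamp
    not_after: int   # Unix timestamp


def sanitize_suggestion(suggested: object, cert: Cert) -> int:
    """Turn whatever the server returned into a safe renewal time.

    The suggestion is remote input: it may be missing, malformed, before the
    certificate was issued, or later than the certificate lasts. A client that
    trusted it blindly could be talked into letting its certificate expire, so
    the value is clamped to the certificate's validity minus a margin, and
    anything unusable falls back to a fixed fraction of the lifetime.
    """
    lifetime = cert.not_after - cert.not_before
    latest = cert.not_after - SAFETY_MARGIN
    fallback = min(cert.not_before + lifetime * FALLBACK_NUM // FALLBACK_DEN, latest)
    # bool is a subclass of int in Python; reject it explicitly.
    if isinstance(suggested, bool) or not isinstance(suggested, int):
        return fallback
    if suggested < cert.not_before:
        return fallback
    return min(suggested, latest)


def tick(state: dict, cert: Cert, now: int,
         fetch_suggestion: Callable[[], object],
         renew: Callable[[], Tuple[Cert, object]]) -> Tuple[str, Cert]:
    """One cron invocation (run every minute or so).

    Returns ("scheduled" | "waiting" | "renewed", current certificate).
    `state` is the locally stored suggestion ({"renew_at": <unix ts>}).
    """
    if "renew_at" not in state:
        state["renew_at"] = sanitize_suggestion(fetch_suggestion(), cert)
        return "scheduled", cert
    # Even if the stored time is stale (e.g. left over from an older cert),
    # never wait past the installed certificate's own deadline.
    due = min(state["renew_at"], cert.not_after - SAFETY_MARGIN)
    if now < due:
        return "waiting", cert
    new_cert, suggestion = renew()
    state["renew_at"] = sanitize_suggestion(suggestion, new_cert)
    return "renewed", new_cert


def load_state(path: str) -> dict:
    """Read the stored suggestion; a missing or corrupt file means 'none'."""
    if not os.path.exists(path):
        return {}
    try:
        with open(path, "r", encoding="utf-8") as f:
            data = json.load(f)
        return data if isinstance(data, dict) else {}
    except (OSError, ValueError):
        return {}


def save_state(path: str, state: dict) -> None:
    """Write the suggestion atomically so a crash mid-write cannot corrupt it."""
    tmp = path + ".tmp"
    with open(tmp, "w", encoding="utf-8") as f:
        json.dump(state, f)
    os.replace(tmp, path)


def simulate(days: int = 200) -> list:
    """Drive the scheduler with constructed data, one tick per day."""
    issued = 1_700_000_000                           # constructed timestamp
    cert = Cert(issued, issued + 90 * DAY)
    state: dict = {}
    events = []

    def fetch_suggestion() -> object:
        return cert.not_before + 60 * DAY            # server says: day 60

    def renew() -> Tuple[Cert, object]:
        new = Cert(now, now + 90 * DAY)
        return new, "not-a-timestamp"                # malformed next suggestion

    for day in range(days):
        now = issued + day * DAY
        result, cert = tick(state, cert, now, fetch_suggestion, renew)
        if result != "waiting":
            events.append((day, result))
    return events


if __name__ == "__main__":
    for day, result in simulate():
        print(f"day {day:3d}: {result}")
```

`simulate()` renews on day 60 as suggested, then, because the follow-up suggestion is unusable, on day 120 via the 2/3-of-lifetime fallback; in a real deployment the cron job would call `load_state`, `tick` and `save_state` once per invocation.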