I am working on my own little ACME v2 client implementation. The approach I am taking is creating a new account on the fly, getting the authorizations, getting the certificates and at the end deactivating the account, as much for simplicity (no state to manage), as a way to clean up (if anything failed) and for security (ensuring no outstanding authorization is used after the renewal is complete). Working great on the staging server (outside of a few occasional 500 errors that seem to be on your radar already).
Does creating a different account for each renewal and deactivating these accounts after the renewal create any problem on the Let's Encrypt side, or can it have undesired consequences?
You can create a maximum of 10 Accounts per IP Address per 3 hours. You can create a maximum of 500 Accounts per IP Range within an IPv6 /48 per 3 hours. Hitting either account rate limit is very rare, and we recommend that large integrators prefer a design using one account for many customers.
Maybe that would be a problem for some of your users?
Oh no, I will be comfortably within these limits (no third party users, it will only be used for a handful of domains, renewed every 1 or 2 months). I was more concerned by whether it had any consequences from your point of view to get lots of deactivated accounts against the same domain over time or any consequence on the certificate issued to have been issued to an account that had been deactivated shortly after.
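Added example, not part of any post in this thread: a local guard for the account-per-renewal design discussed above, checking logged or planned account creations against the quoted limit of 10 accounts per IP address per 3 hours. The sliding-window model, the function names and the timestamps are assumptions made for illustration; the server's own accounting may differ.

```python
from datetime import datetime, timedelta, timezone

# Values taken from the limit quoted in the thread.
WINDOW = timedelta(hours=3)
MAX_ACCOUNTS_PER_IP = 10


def peak_in_window(creations, window=WINDOW):
    """Largest number of account creations inside any sliding window."""
    times = sorted(creations)
    peak = lo = 0
    for hi, t in enumerate(times):
        # Drop creations that are a full window (or more) older than t.
        while t - times[lo] >= window:
            lo += 1
        peak = max(peak, hi - lo + 1)
    return peak


def earliest_allowed(creations, now, limit=MAX_ACCOUNTS_PER_IP, window=WINDOW):
    """Earliest time a new account can be created without exceeding limit."""
    recent = sorted(t for t in creations if now - t < window)
    if len(recent) < limit:
        return now
    # Wait until enough of the oldest recent creations have aged out.
    return recent[len(recent) - limit] + window


# Constructed sample data (hypothetical timestamps, not from the thread).
BASE = datetime(2024, 1, 1, tzinfo=timezone.utc)
# Normal operation: five domains renewed in one run, one account each.
NORMAL_RUN = [BASE + timedelta(minutes=i) for i in range(5)]
# Failure mode: a job that retries every 10 minutes after a server error
# and registers a fresh account on each attempt.
RETRY_STORM = [BASE + timedelta(minutes=10 * i) for i in range(12)]

if __name__ == "__main__":
    for name, log in (("normal", NORMAL_RUN), ("retry storm", RETRY_STORM)):
        peak = peak_in_window(log)
        verdict = "over limit" if peak > MAX_ACCOUNTS_PER_IP else "ok"
        print(f"{name}: peak {peak} accounts per 3 hours ({verdict})")
    now = BASE + timedelta(minutes=100)
    print("next creation allowed at", earliest_allowed(RETRY_STORM[:10], now))
```

Calling `earliest_allowed` before each new-account request lets a client that retries after errors back off instead of registering account after account.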