Bulk certificate generation for users' custom domains using lua-resty-auto-ssl

I think the more likely reason is that you are using an autocert system with a high number of domains. IMHO, you are going to constantly run into different ratelimit issues because of this between obtaining and renewing certificates... and issues will increase as you scale the number of nodes that terminate SSL.

I had similar needs/concerns with whitelabel services for custom domains. I ended up making an ACMEv1 system, and redesigned it to ACMEv2 over quarantine - PeterSSLers.

The basic operation is this:

  • An OpenResty plugin loads certificate data from a waterfall cache: nginx-worker, nginx-master, redis, and then an internal Pyramid (Python) application.
  • The Pyramid application is a Certificate Manager and API Client. It has a UX for humans and API for apps and OpenResty. It handles the ACME ordering process and scheduling renewals.
  • The OpenResty plugin can be configured to fail over to autocert, which has a locking timeout.

Some bits are rough, but it does its job and is constantly improved.
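
The lookup order described in the post above, as an added Python model that is not part of the original post and is not PeterSSLers code. The class name, the `failover_issue` callback, the dict-backed tiers and the choice to cache failover results only in the three cache tiers are assumptions made for illustration.

```python
import threading

TIER_NAMES = ("nginx-worker", "nginx-master", "redis", "pyramid")  # order from the post

class WaterfallCertCache:
    """Model: fastest tier first, failover issuance last, one issuer per domain."""

    def __init__(self, tiers, failover_issue, lock_timeout=5.0):
        self.tiers = list(zip(TIER_NAMES, tiers))  # tiers: four dict-like stores
        self.failover_issue = failover_issue       # hypothetical: domain -> cert or None
        self.lock_timeout = lock_timeout
        self._locks = {}                           # per-domain issuance locks
        self._guard = threading.Lock()

    def _lookup(self, domain):
        for depth, (name, store) in enumerate(self.tiers):
            cert = store.get(domain)
            if cert is not None:
                # Promote the hit into the faster tiers so the next handshake stops earlier.
                for _, faster in self.tiers[:depth]:
                    faster[domain] = cert
                return cert, name
        return None, None

    def get(self, domain):
        cert, source = self._lookup(domain)
        if cert is not None:
            return cert, source
        with self._guard:
            lock = self._locks.setdefault(domain, threading.Lock())
        # One caller per domain may start an order; the rest wait, then give up.
        if not lock.acquire(timeout=self.lock_timeout):
            return None, "lock-timeout"
        try:
            cert, source = self._lookup(domain)  # filled while we waited?
            if cert is not None:
                return cert, source
            cert = self.failover_issue(domain)
            if cert is None:
                return None, "unavailable"
            for _, store in self.tiers[:3]:      # cache tiers only, not the manager
                store[domain] = cert
            return cert, "failover"
        finally:
            lock.release()
```

The per-domain lock is what keeps a burst of handshakes for one uncached hostname from each starting its own order, which is where the rate-limit pressure mentioned in the post comes from.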