(See also Hitting rate limit after renewing certs).
There are two sentences in the documentation, on the Rate Limits page (https://letsencrypt.org/docs/rate-limits/):
- “The main limit is Certificates per Registered Domain (20 per week).”
- “Renewal Exemption to the Certificates per Registered Domain limit. Even if you’ve hit the limit for the week, you can still issue new certificates that count as renewals.”
I think these do not explain the fact, that renewals actually use the quota of 20, but they have an exemption from the limit. This is important, because it makes a clients ability to obtain new certificates dependent on the order of commands issued. If one wants to create 10 new certificates and renew 15, it is possible to do so by first requesting the new ones and then renewing the old ones, but impossible the other way around.
I suggest clarifying this in the paragraph about renewal exemption: successful renewals also use the quota, but are not subject to the usual Certificates per Registered Domain limit. If people have to figure out this on their own, experimenting places a burden on the live environment.