Yes, that is what I think is the problem. In my case the problem is the following:
- Limit is reached from renewals
- I get to know, that a new subdomain needs a certificate (I cannot know that earlier)
- I have to wait another week
- Now i can issue the certificate and after that renew the certificates
That implies a forced delay of a week at least once every three months if I have a perfectly timed implementation.
From my point of view, that is a major showstopper for a large scale implementation of letsencrypt in a single root domain. Especially because the forms for rising the rate limit are processed really slowly.
I would really appreciate if the renewals would not count against the general limit. That would solve a lot of problems while not compromising the fundamental idea of the limit.