Now, obviously I can’t use the first certificate as I get an “invalid CA” message. I can’t also generate a new one, due to rate limit. I can’t also seem to revoke it either, so looks like I’m “locked in”.
I’m in dire need of the certificate. Is there anything that can be done about this?
No, there’s no way to bypass the certificates per domain rate limit. Revocation will not reset the count (because the rate limit’s purpose is not to limit “active certificates per domain”, but rather OCSP signing load). You will have to wait 7 days.
Note that you can request SAN certificates (certificates covering multiple domains) by passing multiple -d arguments to the client. You can include up to 100 domains (distinct domains or subdomains), and this will only count as one certificate for your rate limit. Just a hint for your next attempt.
There’s no way to reset the rate limit. Short of using a different domain you won’t be able to get another certificate for 7 days. Take a look at StartSSL (if you’re eligible) or WoSign if you need a free certificate right now.