I did a series of tests and I can confirm the behaviour described above.
My test setup:
- a webserver with nginx + le-scripts installed
- an unused domain I never before used with lets encrypt
- a bunch of subdomains on this domain pointing to the web server: [t1...t9].mydomain
I started to create one certificate and renewed it a few times (forcing renew). I could renew it 5 times, the 6th time I got:
urn:acme:error:rateLimited Error creating new cert :: Too many certificates already issued for exact set of domains
Then I created a new certificate and so on. This way I created 6 new certs and did 13 renewals within a few minutes.
Action 20 was to create a new certificate which succeeded.
Action 21 was to create a new certificate which failed:
urn:acme:error:rateLimited Error creating new cert :: Too many certificates already issued for: (mydomain)
So renewal also count's up the new cert limit which is really an issue!
Here's the complete test protocol (times in UTC):
6.2. 21:11 t1 new 1
6.2. 21:12 t1 renew 2
6.2. 21:14 t1 renew 3
6.2. 21:15 t1 renew 4
6.2. 21:16 t1 renew 5
6.2. 21:19 t2 new 6
6.2. 21:20 t1 renew 7
6.2. 21:20 t2 renew 8
6.2. 21:21 t1 renew resulted in urn:acme:error:rateLimited
Error creating new cert :: Too many certificates already issued for exact set of domains
6.2. 21:23 t2 renew 9
6.2. 21:26 t3 new 10
6.2. 21:26 t4 new 11
6.2. 21:27 t2 renew 12
6.2. 21:28 t3 renew 13
6.2. 21:28 t4 renew 14
6.2. 21:30 t2 renew 15
6.2. 21:31 t2 renew 16
6.2. 21:21 t2 renew resulted in urn:acme:error:rateLimited
Error creating new cert :: Too many certificates already issued for exact set of domains
6.2. 21:35 t5 new 17
6.2. 21:35 t6 new 18
6.2. 21:36 t6 renew 19
6.2. 21:38 t7 new 20
6.2. 21:35 t8 new resulted in urn:acme:error:rateLimited
Error creating new cert :: Too many certificates already issued for: (mydomain)
6.2. 21:38 t7 renew 21