Let's Encrypt has various rate limits to prevent people from abusing the service. Unfortunately, you've run into one of those here.
Since the municipalities are different entities, it isn't the goal of this policy to stop them from having their separate certificates. There is a procedure to request an override for the rate limits which might be applicable here. However, the procedure should be invoked by someone who is responsible for the administration of the domain name in question (not just an end user). Do you know who runs sp.gov.br?
I also speak Brazilian Portuguese so I can correspond with them if that would be helpful (or I can help translate the rate limit documentation if they don't understand the issue). (If you want, you can add me as a recipient on e-mail in Portuguese with them; my address is my forum username here plus @eff.org.)
There is also an option to get the rate limit lifted by adding the domain to the Public Suffix List.
This is used by browsers and makes their treatment of cookies more correct (without it, for example, if one municipality sets a cookie, it can probably be read by another municipality's site, which is probably not the correct behavior for security and privacy reasons), so it might be a benefit. This also needs to be done by the people who are responsible for the domain name.