I moved this to a new post.
Note that HSTS does not have any impact on the validation requests performed by Let’s Encrypt. Let’s Encrypt does not implement HSTS, so even a domain on the HSTS list can use the HTTP challenge type, without HTTPS.
If you’ve previously issued more than 20 certificates for that domain during testing, there is not much you can do other than wait for 7 days. The rate limits do not apply only to certificates that are actually used - it’s the issuance itself that’s being constrained.
Note that there is also a second rate limit of 5 per week for duplicate certificates - certificates with the exact same set of domains. If you’ve run into that particular rate limit, you can get around it by adding some other subdomain (e.g.
www2.example.com) to your request. The exact error message should make clear whether you’re running into the duplicate/identical certificate limit or the more general limit per domain.
You can refer to the rate limit documentation for more details.