Yep, that’s the previous thread. Essentially, issuance for a parent domain gets checked against subdomains; in the case of issuance for a parent domain that is also a public suffix, there are likely to be very many certificates counting against the limit for subdomains. I think the right fix here is changing the renewal rate limit so that ordering doesn’t matter.