Found the --keep-until-expiring parameter option after I wrote my comment and managed to put together a simple (but far from perfect) script for myself. Didn’t find much documentation mentioning this parameter so I didn’t know it had been implemented until recently.
Of course, some of the accidental renewals might be avoided if the client brought up a “are you sure” prompt if the user is going to apply for a new certificate which already exists (and made with the same configuration options as the live one) and was created within the rate limit window. Like the problem when people use certonly and then think the install option will simply resume where certonly left off (and they don’t think the --keep parameter will have any effect).