Regarding the rate limits: Rate Limits - Let's Encrypt
Certificates/Domain limits how many certificates can be issued that contain a single registered domain. This is limited to 20 certificates per domain per week.
This wording is awkward.
This suggests that "foo.example.com" could be on over 20 certificates each week, so long as "example.com" is not issued to 20. This doesn't really suggest that only 20 certificates can be issued to the aggregate of "example.com" and all its subdomains.
It might be more clear as something like:
Certificates/Domain limits how many certificates can be issued to a single registered domain and its subdomains. This is limited to 20 certificates per domain per week.