This is a quick follow-up to a previous API Announcement from July 2017.
the order of renewals and new issuances matters. To get the maximum possible number of certificates, you must perform all new issuances before renewals during a given time window.
As of March 8th, 2019 we’ve addressed this problem and renewals can be performed before new issuances without the renewals affecting the Certificates per Registered Domain quota remaining.
Boulder Issue #2800 details the full background of this issue. Our first attempt to address this problem used an approach that avoided applying a database migration to one of our largest production database tables. Unfortunately, as described in the corresponding API announcement we had to revert this implementation after discovering the performance was unacceptable for large ~100 SAN certificates.
The approach we are using today relies on a new database field/index, and corresponding updates to populate and use the new field. Thank you to everyone who was patient while we worked through our backlog to make room for coordinating this more involved solution. I know this was a frequent pain-point for integrators and I’m happy its now fixed