The other way to do it is to use a fresh ACME account every time.
How can I do it?
If everybody was doing that, Let's Encrypt's systems would have their load increased a LOT. IMO that's not something you should do.
Well, ok, I agree, but in the current situation, as far as I can see, there is no difference between manual renewing and automatic. I think the error will appear in both.
Yes, you are right. Not a long-term solution.
If I unregister the account, will the current certificates be active or not?
I will wait for an answer from CF, but I think the only solution is to divide the SAN certificate into two with a smaller number of names. It makes my project harder, but it may be the only solution.
Deactivating your ACME account won't affect the status of any certificates. Also, if you have any rate limit exemptions from Let's Encrypt, you shouldn't deactivate your account.
I'd say the "design" flaw is in:
DNS + firewall/IPS
Something is "blocking" when it should not be.
Negative.
That may be ["common"].
But LE is simply following the rules [per RFCs].
So... the issue seems to be with the DNS implementation [and likely their allowed access rates].
Well then, "we're preaching to the choir".
The people that need to hear about this are the ones managing the DNS systems that may be causing this problem.