The logic around renewals vs new certificates is a little non-intuitive. I’ve tried to convey it at https://letsencrypt.org/docs/rate-limits/
To make sure you can always renew your certificates when you need to, we have a Renewal Exemption to the Certificates per Registered Domain limit. Even if you’ve hit the limit for the week, you can still issue new certificates that count as renewals. An issuance request counts as a renewal if it contains the exact same set of hostnames as a previously issued certificate. This is the same definition used for the Duplicate Certificate limit described above. Renewals are still subject to the Duplicate Certificate limit.
Specifically, you get the renewal exemption only if you’ve already hit the Certificates per Registered Domain limit for the week. If you do all your renewals first, then try to issue new certificates, you will hit the limit. I realize this is a bit awkward to work around, but my recommendation would be that if you have a bundle of certificates to issue, and to renew, do the issuances first and then the renewals.