It is currently the expected behavior. The plan is to change it so that renewals don’t prevent you from issuing new certificates, but they’ve found fixing it to be surprisingly complicated, so it hasn’t happened yet.
The current workaround is careful scheduling, even though what you’re doing now is normally recommended.
The other workaround is to do something like get one wildcard certificate you deploy to all your servers, if it’s possible in your environment.
You can request a rate limit adjustment; I’m not certain if they’ll grant it.
@mnordhoff Thank you, it’s good to know this is an acknowledged issue. Is there an intended timeframe, such as weeks, months, etc. Or is there an issue ticket to watch for progress. If it’s likely to drag on, I’ll put some serious thought into options on our side.