You should persist certs somewhere. Otherwise your availability is heavily tied to LE’s uptime.
replyTechnically, because Let's Encrypt always publishes all requested certificates to the logs (this isn't mandatory, it's just easier for most people so Let's Encrypt always does this) your tool can go look in the logs to get the certificate. You do need to know your private key, nobody else ever knew that so if you don't have that then you're done.
replyPretty risky given the rate limits of Let's Encrypt are non negotiable with no choice but to wait them out.
replyThey are quite literally negotiable: https://isrg.formstack.com/forms/rate_limit_adjustment_reque...
replyThere are also a bunch of rate limit exemptions that automatically apply whenever you "renew" a cert: https://letsencrypt.org/docs/rate-limits/#non-ari-renewals. That means whenever you request a cert and there already is an issued certificate for the same set of identities.
Your comment is 100% correct, but I just want to point out that this doesn't negate the risks of bob's approach here.
replyLE wouldn't see this as a legitimate reason to raise rate limits, and such a request takes weeks to handle anyway.
Indeed, some rate limits don't apply for renewals but some still do.