4

Might be a stupid question but: where is the difference between renewing a Let's Encrypt certificate and just getting a new one?

Related question and background for this question: do I need to keep the account data from certbot? As long as I can validate my domain I will get a new certificate.

What am I missing?

sc911

1 Answer

5

From an ACME protocol perspective, there is no difference...which is to say, there's no such thing as a renewal. All new certs come from a new "order". Most clients just abstract the concept of a renewal by saving the details you originally used to create the certificate and re-using those same details to get a new cert. For reference, here's the recently finalized ACME specification, RFC 8555.

The ACME account data that certbot creates for you is only necessary if you need to revoke a certificate and don't have the private key available. There's nothing technically stopping you from creating a new account for every certificate you create other than the published rate limits. From the doc:

You can create a maximum of 10 Accounts per IP Address per 3 hours. You can create a maximum of 500 Accounts per IP Range within an IPv6 /48 per 3 hours. Hitting either account rate limit is very rare, and we recommend that large integrators prefer a design using one account for many customers.

Creating a separate account per server is fairly common. There's usually no need to synchronize a single account across multiple machines.

Ryan Bolger
  • First: thanks for this comprehensive answer! Regarding revocation: I just found this link that supports your words: https://letsencrypt.org/docs/revoking/ – sc911 Mar 15 '19 at 15:08
  • The other interesting rate limit in that case is the "Duplicate Certificate limit": "We also have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames" – Tom Mar 15 '19 at 17:42
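An added example (not code from the original question, the answer, or certbot) that models the two points made above: a "renewal" is nothing more than a new ACME order (RFC 8555 section 7.4) built from the details saved at first issuance, so the newOrder payload is byte-for-byte the same whether you call it a renewal or a fresh certificate; and because every such order is a new certificate, re-issuing for the exact same hostname set counts against the Duplicate Certificate limit of 5 per week quoted in Tom's comment. The saved-config dictionary, the issuance log and the timestamps are constructed for this example and are not certbot's real on-disk format; the payload omits the optional notBefore/notAfter fields.

```python
"""Added example, stand-alone and offline; not certbot code.

1. An ACME "renewal" is just a newOrder request (RFC 8555 s7.4) replayed
   from the details the client saved at first issuance.
2. Each order yields a new certificate, so repeated orders for the same
   hostname set count against the Duplicate Certificate limit (5 / week).
"""
import json
from datetime import datetime, timedelta

# Constructed stand-in for what a client stores after the first issuance.
# This is NOT certbot's real renewal .conf schema, just the two details
# that matter for re-creating the order.
SAVED_RENEWAL_CONFIG = {
    "domains": ["www.example.org", "example.org"],
    "key_type": "ecdsa",
}


def new_order_payload(domains):
    """Body of an ACME newOrder request (RFC 8555 section 7.4).

    Names are lower-cased, de-duplicated and sorted here so that the same
    hostname set always produces the same payload regardless of input
    order. That normalisation is a choice for this example; the protocol
    itself does not require the identifiers to be ordered.
    """
    names = sorted({d.lower() for d in domains})
    return {"identifiers": [{"type": "dns", "value": n} for n in names]}


def renewal_order_payload(saved_config):
    """'Renew' = replay the saved domains into a brand-new order."""
    return new_order_payload(saved_config["domains"])


# --- Duplicate Certificate limit -------------------------------------------
DUPLICATE_LIMIT = 5          # certificates per week for one hostname set
WINDOW = timedelta(days=7)


def same_hostname_set(a, b):
    """'Exact same set of hostnames' per the Let's Encrypt definition."""
    return {h.lower() for h in a} == {h.lower() for h in b}


def duplicates_in_window(issued, domains, now):
    """Count certs in `issued` ([(issued_at, [hostnames]), ...]) that are
    duplicates of `domains` and were issued within the last 7 days."""
    return sum(
        1 for when, hosts in issued
        if now - when < WINDOW and same_hostname_set(hosts, domains)
    )


def would_hit_duplicate_limit(issued, domains, now):
    """True if one more order for `domains` would exceed 5 in 7 days."""
    return duplicates_in_window(issued, domains, now) >= DUPLICATE_LIMIT


# Constructed issuance log: a host that was rebuilt five times yesterday and
# requested a cert on every rebuild (the classic way to trip this limit),
# plus one old cert outside the window and one cert for a different set.
NOW = datetime(2019, 3, 15, 17, 42)
SAME_HOSTS = ["example.org", "www.example.org"]
SUPERSET_HOSTS = ["example.org", "www.example.org", "mail.example.org"]
ISSUANCE_LOG = (
    [(NOW - timedelta(days=1, hours=i), SAME_HOSTS) for i in range(5)]
    + [(NOW - timedelta(days=30), SAME_HOSTS)]        # outside the 7-day window
    + [(NOW - timedelta(hours=2), SUPERSET_HOSTS)]    # different hostname set
)
A_WEEK_LATER = NOW + WINDOW


if __name__ == "__main__":
    renew = renewal_order_payload(SAVED_RENEWAL_CONFIG)
    fresh = new_order_payload(SAME_HOSTS)
    print("newOrder payload:", json.dumps(renew))
    print("renewal == fresh order:", renew == fresh)
    print("duplicates in last 7 days:",
          duplicates_in_window(ISSUANCE_LOG, SAME_HOSTS, NOW))
    print("would hit duplicate limit now:",
          would_hit_duplicate_limit(ISSUANCE_LOG, SAME_HOSTS, NOW))
    print("would hit it a week later:",
          would_hit_duplicate_limit(ISSUANCE_LOG, SAME_HOSTS, A_WEEK_LATER))
```

Two practical consequences fall out of this: if you lose the account data but keep the domains (and can still pass validation), you lose nothing you need for the next order; and if you keep re-running a "fresh" issuance on the same hostnames, for example from a rebuild script that never restores the previously issued certificate, you will hit the duplicate limit long before any account limit.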