As I understand it, this is for domains provided by their users. The rate limits would not be problematic unless the domain uses Let's Encrypt for a lot of other subdomains.

I'm guessing they're using a wildcard certificate for the temporary hostname.