This is starting to sound like this short topic:
So it seems marking an AccountKey as compromised must still be done by alerting the LetsEncrypt service, though a rollover or deactivation would have the same effect of blacklisting it - though it wouldn’t necessarily revoke any outstanding certificates. (I am assuming that my client will not necessarily know of every action tied to a given AccountKey that may require revocation, cleanup, etc).
- @jvanasco