Cannot revoke unlogged certificate despite being in possession of the private key

That’s not going to work forever, though.

Once unauthenticated GETs are disabled, you will only be able to retrieve the certificate using the ACME account that originally issued it. (Or at least, that’s how it stands today).

It’s a little unfortunate that ACME doesn’t let you revoke by just the serial, but it’s probably too late to change that now. I don’t think having to present the exact certificate is required by any rules or even Let’s Encrypt’s own CPS.

Allowing revocation by precertificate seems to me like a reasonable way to fix this (possibly without changing the spec), especially considering that precertificates are the only reliable means to detect and react to a bad certificate, without resorting to emailing cert-prob-reports@letsencrypt.org.

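To make the "exact certificate, not just the serial" point concrete, here is an added example (not from the original post or from Let's Encrypt's code) that walks the leading DER fields of a certificate to read its serial number and then builds the RFC 8555 section 7.6 revokeCert payload, which carries the entire DER-encoded certificate rather than that serial. The certificate bytes are a constructed stub covering only the fields parsed here, and the JWS signing step (with the ACME account key or the certificate's own key) is left out.

```python
import base64
import json

# CRLReason codes from RFC 5280 that an ACME revokeCert request may carry
REASON_KEY_COMPROMISE = 1
REASON_SUPERSEDED = 4

def _read_tlv(buf, pos):
    """Parse one DER tag and length; return (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def certificate_serial(der):
    """Serial from Certificate > TBSCertificate > [0] version, INTEGER serialNumber."""
    tag, start, _ = _read_tlv(der, 0)       # outer Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, start, _ = _read_tlv(der, start)   # TBSCertificate SEQUENCE
    if tag != 0x30:
        raise ValueError("missing TBSCertificate")
    tag, vstart, vend = _read_tlv(der, start)
    if tag == 0xA0:                         # EXPLICIT [0] version precedes the serial when present
        tag, vstart, vend = _read_tlv(der, vend)
    if tag != 0x02:
        raise ValueError("missing serialNumber INTEGER")
    return int.from_bytes(der[vstart:vend], "big", signed=True)

def b64url(data):
    """Unpadded base64url, as ACME requires for every binary field."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def revoke_payload(der, reason=REASON_KEY_COMPROMISE):
    """JWS payload for POST to the revokeCert URL: the whole DER cert, never just its serial."""
    return json.dumps({"certificate": b64url(der), "reason": reason}, separators=(",", ":"))

# Constructed stub (not a real certificate): SEQUENCE { SEQUENCE { [0] INTEGER 2, INTEGER serial } }
SAMPLE_DER = bytes.fromhex("300e300ca003020102020503a71bc455")

if __name__ == "__main__":
    print(hex(certificate_serial(SAMPLE_DER)))   # serial is recoverable from the cert...
    print(revoke_payload(SAMPLE_DER))            # ...but the request still needs the cert itself
```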