Here's what happened to me (more information here).
I have some 50+ domains, all with certs that have sub-domains, and I made a mistake when doing off-site backups and sent some certs, including the private keys, in cleartext - oops!
As the first time I had to revoke certificates, which I understand we are obligated to do under the terms of service for receiving the certs in the first place, I followed the revoke procedure as directed here.
However, when I went to issue new certificates, I've created a catch 22 problem which appears to be caused by the fact that I listened to the advice certbot gave and told it to delete all the existing cert files. -ugh!-
This isn't good advice as deleting the certs prohibits Apache from running (starting) and therefore certbot can't / won't authenticate, and the old files are now gone so you can't authenticate from the old private keys. Further, it's not fun because creating all new certificates is a huge headache because certbot always trashes the apache configuration file. SURE, it works OK for the most basic configuration but do something out of the ordinary and it breaks and has to be fixed by hand.
To avoid having the web sites all down for a long time, one is forced to RESTORE THE BACKUP, thereby using the revoked keys. Then, the user has to reconstitute all the various certs, which ALSO may be non-trivial when there are lots of domains, lots of subdomains which aren't common in any way with other domains, and when there may not be easy records to go by to "do it by hand" using certbot certonly -d ,. [...]
SURELY it would be better if, when asked to do a revocation, certbot could ask if the environment is now secure and if it should just create a new certs, just like the old ones, instead of, or in addition to, asking about deleting now revoked (and other) certs.
As a programmer myself, this seems like a modest request, but I really don't know if it is or not. SURELY it would help people who are already under the heavy stress of having compromised security not make additional mistakes like I did.