Another thing I’d like to add (ask) to (in) this HPKP discussion is:
AFAIK LE often requires the server operator to cryptographically prove (aka sign) that he owns the private key of a (previously) used certificate.
However, in the case of HPKP and an attack you may get problems: if your server is compromised and you have no way to get to the private key, so that you have to reset your server, you may run into problems with this challenge.
This may be problematic when you want to get a backup cert signed by LE after an attack.
So this means you should always also back up the currently used certificate.
Please correct me if I am wrong, because I only had this cryptographic verification in mind and thought this could be an issue here.
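The usual mitigation for the key-loss scenario raised above is the HPKP backup pin: a second key pair is generated ahead of time, its pin is published alongside the live one, and the key itself is stored offline so a compromise of the web server cannot reach it. As an added example (not part of the post or of Let's Encrypt tooling), the shell functions below compute RFC 7469 `pin-sha256` values with openssl and build the header; the key and certificate file paths are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: HPKP pin computation and header construction with openssl.
# pin-sha256 = base64( SHA-256( DER-encoded SubjectPublicKeyInfo ) )
set -eu

# Pin for a private key file (the public SPKI is extracted from it).
hpkp_pin_from_key() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null \
        | openssl dgst -sha256 -binary \
        | openssl base64 -A
}

# Same computation starting from an X.509 certificate (e.g. the live cert).
hpkp_pin_from_cert() {
    openssl x509 -in "$1" -pubkey -noout \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -binary \
        | openssl base64 -A
}

# Generate a backup key pair; the file belongs on offline storage, not on the
# web server, so that a server compromise cannot take both pinned keys.
generate_backup_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
}

# Header with the live pin, the backup pin and max-age in seconds.
hpkp_header() {
    printf 'Public-Key-Pins: pin-sha256="%s"; pin-sha256="%s"; max-age=%s\n' \
        "$1" "$2" "$3"
}

# Demo run, enabled with HPKP_DEMO=1 (paths are placeholders).
if [ "${HPKP_DEMO:-}" = 1 ]; then
    generate_backup_key ./backup.key
    live_pin=$(hpkp_pin_from_cert ./live-cert.pem)
    backup_pin=$(hpkp_pin_from_key ./backup.key)
    hpkp_header "$live_pin" "$backup_pin" 5184000
fi
```

With the backup pin published before any incident, a new certificate issued for the offline backup key will already match the pins browsers have cached.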