HPKP-Support in certbot would be really nice. I’ve made a proposal for that some time ago regarding some sort of automated key archival system, basically pinning at server certificate level and storing some encrypted private keys for latter retrieval by an authorized admin should the need arise.
I know, uploading your private keys to the CA shouldn’t be something you do regularly, but that’s the best idea i had regarding HPKP.
My original post was here: Project Proposal: Automating HTTP Public Key Pinning