Honestly, to take this a bit off-topic, I wouldn't mind being able to opt-in to get more frequent emails from Let's Encrypt (certificate renewed, validation failed, rate limit close to getting reached, account key was changed, account email was changed, account was deactivated, and probably others). Obviously being able to specify what alerts one wanted would need to happen somehow, and probably isn't readily shoehorned into ACME. But this general problem of it's hard for people to know what problems their accounts are causing, and other stuff like the renewal emails still being more simplified than is probably ideal, may be better resolved by working toward a better alerting system in general. And while I love email, other people might prefer other contact methods. (Though I understand that all this is much easier for me to suggest than for you to implement.)
And just another random thought: If the issue is domain names no longer pointing to a server that's running a client, might it make more sense for this "pausing" to be name-specific rather than account-specific? I think that if @griffin's thought that "partial zombies" are more prevalent is true, that you'd get more bang for your buck by doing it that way. Maybe the unlock button unpauses all names for an account, to handle the case where one account has a lot of names.