Thanks! I already saw it 
Question though:
When LE decided to halt issuance, why was that 36 minutes after the incident was declared? I know it's a very small amount of time, but if one appreciates the fact there was just 19 minutes between the halting of issuance and restarting issuance, that latter amount of time is even smaller!
To me this indicates LE was and is very efficient in fixing the CP/CPS which of course is a great thing. However, for myself I don't have an answer to why the latter window of no issuance was shorter than the time between the decleration of the incident and halting of issuance.
Possible reasons I thought of:
- it simply takes a certain amount of time between the decision to halt issuance and the actual halting itself (buttons have to be pressed, things have to be set in motion et c. One does not simply halt issuance at the largest CA in the world );
- perhaps the decision to halt issuance was made a certain amount of time after the incident was declared;
- probably a combination of the above with perhaps a few other reasons I'm not familiar with.
Note that this is not intended as some criticism, as I think LE acted very, very fast. Frankly too fast for my liking, because I was curious what kind of error the production server was generating during the incident, but look at that, I just got myself a worthless certificate because issuance was restarted already 
I'm just curious how these kind of things work in such a crisis setting 
Second question: is the use of "CN=none" for an empty subject even valid? I guess so.. But personally I would read that as it would produce an invalid Subject with literally an empty CN
Thirdly: props to @lenaunderwood for her first incident report