It is precisely to avoid the key getting compromised I wanted to revoke the certificate. I.e. in my case it is more likely that the compromise happens through an old backup rather than through the access to the current server.
But I guess I should not put the key into the backup in the first place (that system comes from pre-letsencrypt days). With shown reliability of letsencrypt I can just assume that an extra time to get the certificate after restoration from a backup will be minuscule compared with time to restore from backup.