Yeah this should be revoked. Mozilla's CA acceptance programs mandate that the CA revokes the cert if the key gets compromised, and I presume others do too.
> If you have a test domain you can stick it on CloudFlare and get a certificate for free without the private part becoming public.
It all comes down to the fact that CA's don't want you to sign your own certificates, even when it's one of your subdomains unless you pay the big bucks.
Best thing to do it still to create your own CA and sign certs for these kinds of things since it's meant for testing and development anyway. It's not that hard, anyone can use some command line can do it.
I'm surprised there's no "CA-tool-as-a-service" where the CA provides an API (and maybe a CLI tool that uses that API) allowing you to automatically request-and-generate certs from their CA server provided it's for a subdomain of a domain you have on your account.
This would be for subdomains with their own "sovereignty"; e.g. Tumblr or Wordpress blogs, where the subdomain "owner" could conceivably want to issue their own subdomains, or, heaven forbid, do client-cert signing for their subdomain.
> If you have a test domain you can stick it on CloudFlare and get a certificate for free without the private part becoming public.
It all comes down to the fact that CA's don't want you to sign your own certificates, even when it's one of your subdomains unless you pay the big bucks. Best thing to do it still to create your own CA and sign certs for these kinds of things since it's meant for testing and development anyway. It's not that hard, anyone can use some command line can do it.