
No, existing certificates should not be reissued. We can't trust that they were issued to the rightful owner originally by the failed CA. Clients should request new certificates and validate their ownership from scratch.

Getting a certificate is an hour's work tops if you are doing the csr dance manually. If you use ACME and letsencrypt it's done in seconds.

EV certificates are more work, but if this matters to you then perhaps you should source multiple certificates to begin with, or act quickly when a CA is dropped (I'm sure browser vendors will give at least a few days' notice).

Edit: Maybe I misunderstood you. If you just meant that software in general should offer requesting certificates from any provider, then sure, why not just use ACME. CertBot appears to be designed with multiple providers in mind. But this doesn't really have much to do specifically with the case of CAs being dropped from the root. (At first I got the impression you wanted other CAs to "bail out" certificates from the revoked CA.)
