by pfg 3219 days ago
HPKP is based on the public key, so you don't necessarily need to obtain signed certificates in advance - generating a key pair and keeping the private key safe would suffice.

There is some value in ensuring that a CA is willing to sign a certificate using those keys in case something went wrong during the key generation (i.e. a key size or curve that's not supported by the Web PKI), so it might be considered a best practice to do that regardless.

1 comment
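The point above, that an HPKP pin is a hash of the public key alone and so a backup key can be pinned before any certificate exists for it, as an added example that is not part of the thread or of any project. It uses only the Go standard library; the function names, the host name example.com and the sample max-age are this example's own choices. The `webPKIAcceptable` check stands in for the "will a CA actually sign this key" sanity check the comment recommends; its thresholds (RSA of at least 2048 bits, NIST P-256/P-384/P-521) are an assumption approximating the CA/Browser Forum Baseline Requirements, not a lookup against any particular CA's policy.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// spkiPin computes an HPKP pin-sha256 value: base64(SHA-256(DER SubjectPublicKeyInfo)).
// Only the public key is hashed, so the pin is the same with or without a certificate.
func spkiPin(pub interface{}) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return base64.StdEncoding.EncodeToString(sum[:]), nil
}

// pinOfCertDER pins the public key carried by a DER-encoded certificate.
func pinOfCertDER(certDER []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	return spkiPin(cert.PublicKey)
}

// selfSignedCertDER issues a throwaway self-signed certificate for priv; it
// stands in for whatever certificate a CA might later sign for the same key.
func selfSignedCertDER(priv *rsa.PrivateKey, host string) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
}

// webPKIAcceptable is a coarse pre-flight check on a backup key: is it a type and
// size a public CA will sign? Thresholds are this example's assumption (roughly
// the Baseline Requirements floor), not any particular CA's policy.
func webPKIAcceptable(pub interface{}) error {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		if k.N.BitLen() < 2048 {
			return fmt.Errorf("RSA key too small: %d bits", k.N.BitLen())
		}
	case *ecdsa.PublicKey:
		switch k.Curve {
		case elliptic.P256(), elliptic.P384(), elliptic.P521():
		default:
			return fmt.Errorf("curve %s is not used in the Web PKI", k.Curve.Params().Name)
		}
	default:
		return fmt.Errorf("unsupported key type %T", pub)
	}
	return nil
}

// pinHeader builds a Public-Key-Pins header value and enforces the RFC 7469 rule
// that at least two distinct pins are present (active key plus an offline backup).
func pinHeader(pins []string, maxAge int) (string, error) {
	seen := map[string]bool{}
	var parts []string
	for _, p := range pins {
		raw, err := base64.StdEncoding.DecodeString(p)
		if err != nil || len(raw) != sha256.Size {
			return "", fmt.Errorf("pin %q is not a base64 SHA-256 digest", p)
		}
		if !seen[p] {
			seen[p] = true
			parts = append(parts, fmt.Sprintf(`pin-sha256="%s"`, p))
		}
	}
	if len(seen) < 2 {
		return "", fmt.Errorf("need at least two distinct pins (active + backup), got %d", len(seen))
	}
	return strings.Join(append(parts, fmt.Sprintf("max-age=%d", maxAge)), "; "), nil
}

func main() {
	active, _ := rsa.GenerateKey(rand.Reader, 2048)
	backup, _ := rsa.GenerateKey(rand.Reader, 2048) // stays offline; no CSR, no certificate yet
	if err := webPKIAcceptable(&backup.PublicKey); err != nil {
		panic(err)
	}
	activePin, _ := spkiPin(&active.PublicKey)
	backupPin, _ := spkiPin(&backup.PublicKey)
	certDER, _ := selfSignedCertDER(active, "example.com")
	certPin, _ := pinOfCertDER(certDER)
	fmt.Println("pin from key == pin from cert:", certPin == activePin)
	hdr, err := pinHeader([]string{activePin, backupPin}, 5184000)
	if err != nil {
		panic(err)
	}
	fmt.Println("Public-Key-Pins:", hdr)
}
```

The self-signed certificate is only there to show that the pin derived from a certificate equals the pin derived from the bare key, which is why the backup key never needs to go near a CA until it is actually needed. In a real deployment the backup private key is kept offline and only its pin is served.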

It's possible. But if you're in a disaster recovery situation, do you want to add the step of granting the certificate as well? Do people on call have access to the company credit card to get one?

It's easier to just get a full cert ahead of time.