Yes. They can already do this more reliably by disabling your domain name, though (not to mention your hosting).
Edit (T+16 minutes):
I said "more reliably" because not all TLS clients perform CRL or OCSP checks -- as mentioned in other comments -- so it's not 100% effective. Web browsers probably mostly all do, though. Certainly enough of them do that running a website with a revoked cert is impractical.
As for disabling your domain name, if you don't know, that really does happen. US law enforcement seizes domains on US TLDs (such as .com) all the time. Edit (T+23 minutes): ... and registrars have been known to cave to strongly-worded letters from civilians, too (see e.g. Go Daddy, MySpace and seclists.org several years ago).
Edit (T+16 minutes):
I said "more reliably" because not all TLS clients perform CRL or OCSP checks -- as mentioned in other comments -- so it's not 100% effective. Web browsers probably mostly all do, though. Certainly enough of them do that running a website with a revoked cert is impractical.
As for disabling your domain name, if you don't know, that really does happen. US law enforcement seizes domains on US TLDs (such as .com) all the time. Edit (T+23 minutes): ... and registrars have been known to cave to strongly-worded letters from civilians, too (see e.g. Go Daddy, MySpace and seclists.org several years ago).