I’m not quite sure that offloading key and CSR generation to a third party is the best idea, to be honest, though depending on your level of trust in that third party and how a data breach on their side (if it happens) might affect your business, you might still try that out of course.
Generating the key and the CSR on your side automatically is quite possible though and it does not really require any specific IT knowledge.
If you don’t mind using a Perl client, you can try installing Crypt::LE and running it like this:
le.pl --key account.key --csr domain.csr --csr-key domain.key --crt domain.crt --domains "www.domain.ext,domain.ext" --generate-missing --live
Generate an account key for you (RSA 4096 bit) and save it into ‘account.key’ (keep that secure!)
Generate a key and CSR and save them into ‘domain.key’ and ‘domain.csr’
Get the certificate for you and save it into ‘domain.crt’ (merged with issuer’s, so it should work fine for both Nginx and modern Apache)
NB: the --live option makes the script run against the live server. Drop it to test the process against the staging.
If you add --generate-only, then it will just generate and save an account.key (if it does not exist yet) and domain.key + domain.csr, so you could then just use those for whatever you like, not necessarily for getting Let’s Encrypt certificates specifically.
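
For comparison, the same local key and CSR generation done with plain OpenSSL, followed by a check that the CSR really belongs to the key on disk. This is an added example, not part of the original post and not Crypt::LE code; the function names and the 2048-bit key size are this example's own choices, and the domain names are the placeholders used above.

```shell
#!/usr/bin/env bash
# Added example: generate a private key and CSR locally, then verify them.

# make_csr "www.domain.ext,domain.ext" domain.key domain.csr
# The domain list uses the same comma-separated form as le.pl's --domains.
make_csr() {
    domains=$1; key=$2; csr=$3
    cn=${domains%%,*}                    # first name becomes the subject CN
    san=$(printf '%s' "$domains" | sed 's/ //g; s/^/DNS:/; s/,/,DNS:/g')
    cnf=$(mktemp)
    cat > "$cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = $cn
[ext]
subjectAltName = $san
EOF
    # Subshell with umask 077 so the private key is created owner-only (0600).
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -config "$cnf" -keyout "$key" -out "$csr" 2>/dev/null )
    rm -f "$cnf"
}

# check_csr domain.key domain.csr
# Succeeds only if the CSR's self-signature verifies and the public key
# inside the CSR is the one derived from the private key file.
check_csr() {
    key=$1; csr=$2
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(openssl req -in "$csr" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ]
}

# csr_names domain.csr : print the DNS names requested in the CSR, one per line.
csr_names() {
    openssl req -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# Usage:
#   make_csr "www.domain.ext,domain.ext" domain.key domain.csr
#   check_csr domain.key domain.csr && csr_names domain.csr
```

Only domain.csr needs to leave the machine; domain.key stays where it was generated.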