What generated that CSR in the first place? Is it really necessary to use a CSR? The Certbot --csr option is reaaaaally not that sophisticated and lacks many regular Certbot features. E.g., when using --csr, the issued certificate is not stored in the Certbot certificate repository, it's only outputted to the current working directory with some incremental file names which are quite hard to predict. In essence, it's a manual process and manual processes are not recommended to begin with.
So my first advice would be: can you forgo with the CSR and use a regular method where Certbot generates the CSR for you?