That makes sense. The documentation falls short in their explanation. If you generate a random private key, you should use that same private key in the entire process.
But there is no good reason not to use the private key generated by Certbot. It's just very weird your OpenSSL doesn't work. I'm running OpenSSL 1.1.1 too and it can perfectly read the private keys generated by Certbot.
It's still possible you're dealing with an ECDSA certificate. How many lines does the private key have? Just a few like 5 or 6? Or like 20-30?