How does Let's Encrypt create the private key?

The answer is going to be different for every client, of course.

The official Let’s Encrypt client can either use an already-created key pair, which you can generate under any circumstances you prefer, or it can perform the generation for you, which it will do with OpenSSL, see letsencrypt/

The Let’s Encrypt official client does not currently mix any additional entropy into the pool, so it’s a good idea to run it after the system has been up for at least a few minutes.

The key length for RSA defaults to 2048, but you can adjust it up with a command line flag.
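One way to act on the points above is to generate the key pair yourself with OpenSSL and check it before handing it to a client. This is an added example, not part of the original post and not the client's own code; the function names, the output path and the 300-second uptime threshold are assumptions.

```shell
#!/bin/sh
# Added example: pre-generate an RSA key with OpenSSL, outside the ACME client.
# MIN_UPTIME, KEY_BITS and all function names are illustrative assumptions.

MIN_UPTIME=300   # assumed reading of "at least a few minutes", in seconds
KEY_BITS=2048    # the RSA default size mentioned in the post

# Succeed if the system has been up for at least $1 seconds (Linux /proc/uptime).
uptime_ok() {
    [ -r /proc/uptime ] || return 0          # cannot tell on this platform
    up=$(cut -d. -f1 /proc/uptime)
    [ "$up" -ge "$1" ]
}

# Generate an RSA private key of $2 bits at path $1, readable by the owner only.
gen_key() {
    ( umask 077 && openssl genrsa -out "$1" "$2" ) 2>/dev/null
}

# Print the modulus size in bits of the private key at $1.
key_bits() {
    m=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null | cut -d= -f2)
    echo $(( ${#m} * 4 ))                    # 4 bits per hex digit
}

# Succeed if OpenSSL's consistency check accepts the key at $1.
key_valid() {
    openssl rsa -in "$1" -check -noout >/dev/null 2>&1
}

# Full procedure: refuse to run on a freshly booted system, then generate and verify.
make_key() {
    uptime_ok "$MIN_UPTIME" || { echo "uptime below ${MIN_UPTIME}s, not generating" >&2; return 1; }
    gen_key "$1" "$KEY_BITS" || return 1
    key_valid "$1" || return 1
    [ "$(key_bits "$1")" -ge "$KEY_BITS" ] || return 1
    echo "wrote $(key_bits "$1")-bit RSA key to $1"
}

# Runs only when KEY_OUT is set, e.g.  KEY_OUT=./example.key sh this-script.sh
if [ -n "${KEY_OUT:-}" ]; then
    make_key "$KEY_OUT"
fi
```
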