The official Let's Encrypt client can either use an already-created key pair1, which you can generate under any circumstances you prefer, or it can perform the generation for you, which it will do with OpenSSL, see letsencrypt/crypto_util.py4.
Okay, thanks for the reply. So basically it just uses OpenSSL too.
The Let's Encrypt official client does not currently mix any additional entropy into the pool, so it's a good idea to run it after the system has been up for at least a few minutes.
Okay, good to know. But maybe that's something you can add in future versions.
The key length for RSA defaults to 2048, but you can adjust up it with a command line flag.
Okay.