Private keys are always generated on your system! It’s very important that the CA (or anybody else) never sees nor has access to your private keys. So, for generating those, it’s all your box.
I also think that CloudFlare’s method is really cool.
A certificate from Let’s Encrypt will mention the subject public key, which is the certificate applicant’s own public key. As @jared.m mentions, this is generated on your own system, by your own Let’s Encrypt client application, as a consequence of generating the corresponding private key. If you’re using Certbot, the key generation step takes place at
This, in turn, is using the OpenSSL library to generate the key. OpenSSL will use your system’s built-in CSPRNG, typically accessed through /dev/urandom, for randomness when generating the private key. (I believe it uses its own internal CSPRNG which it seeds with data read from /dev/urandom.)
When Let’s Encrypt issues the certificate, it signs it using an HSM. The signature is made with Let’s Encrypt’s own private key, which was also originally created by the HSM, and used the HSM’s internal CSPRNG. There is some additional randomness added to each certificate (as required by industry rules in order to mitigate the impact of potentially unknown hash collision techniques), which you can find in the certificate serial number.
This is using the Go language’s crypto/rand package.
The Boulder CA also uses crypto/rand to generate large numbers of random numbers that are used extensively within the ACME protocol (for example, for random challenge values).