What I mean, do you know of such app that explicitly deals with CSR and not private key?
Cause some of them will probably create new key pair or will try to generate CSR from existing private key.
I sell my heart to pretty ladies, soul to devil and private key is not for sale.
you may also want to look at --stateless option, so it doesnât need to be even talk to webserver at all. (itâs nginx set to reply vaild challenge to any request from specific acme account.)