Your Let's Encrypt live folder should contain the following artifacts if you used certbot without the CSR command
The private key is NOT there for you because it's in your java key store.
The fact that you are getting a mismatch is one of three possibilities:
A) You created the CSR from the wrong store
B) You are importing the certificate into the wrong store
C) You are importing the wrong certificate into your store
I would suggest reading the article below carefully (it explains all the concepts) and following it rather than just using the scripts (as you may not be using the syntax correctly).
I know it's your first time working with Tomcat, but understanding the concepts is a better investment of time, in my opinion, than trying lots of different things and hoping one works.
Andrei
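
One way to tell the three mismatch cases above apart is to compare public keys rather than file names. The shell functions below are an added example, not part of the original post; they need the `openssl` CLI, and the `tomcat` alias and every file name are assumptions.

```shell
# Added example. Hashes the public key inside a CSR or a certificate (PEM)
# so the two can be compared without ever exporting the private key.

pubkey_sha256() {  # usage: pubkey_sha256 csr|cert FILE
  local pem
  case "$1" in
    csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || pem="" ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || pem="" ;;
    *)    echo "type must be csr or cert" >&2; return 2 ;;
  esac
  # Refuse to hash empty input, otherwise two unreadable files would "match".
  [ -n "$pem" ] || { echo "cannot read public key from $2" >&2; return 1; }
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 when the certificate carries the same public key as the CSR.
cert_matches_csr() {  # usage: cert_matches_csr CSR CERT
  local a b
  a=$(pubkey_sha256 csr "$1") || return 2
  b=$(pubkey_sha256 cert "$2") || return 2
  [ "$a" = "$b" ]
}

# Constructed sample: throwaway EC keys "a" and "b"; the CSR comes from "a".
demo_constructed_pair() {
  local d n r1 r2
  d=$(mktemp -d) || return 2
  for n in a b; do
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/$n.key" 2>/dev/null
    openssl req -x509 -new -key "$d/$n.key" -subj "/CN=example.test" \
      -days 1 -out "$d/$n.crt" 2>/dev/null
  done
  openssl req -new -key "$d/a.key" -subj "/CN=example.test" -out "$d/a.csr" 2>/dev/null
  cert_matches_csr "$d/a.csr" "$d/a.crt" && r1=match || r1=mismatch
  cert_matches_csr "$d/a.csr" "$d/b.crt" && r2=match || r2=mismatch
  rm -rf "$d"
  echo "$r1 $r2"
}

# Against a real keystore (alias and file names are assumptions):
#   keytool -certreq -alias tomcat -keystore keystore.jks -file fromstore.csr
#   cert_matches_csr fromstore.csr issued-cert.pem && echo "same key pair"
```

A mismatch between a CSR freshly generated from the store and the issued certificate points to case A or C; a match there combined with an import failure points to case B.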