Your JSON version of the CSR does not include proof that you are in possession of the private key for that public key. One of the main points of the CSR is to include that proof (by signing the CSR with the private key for the public key it includes).
Of couse you could extend that JSON, but in the end you will end up with a complex thing that does a subset of what the CSR format does, but there is no existing library support for creating these things. Which in the end is forcing everyone to invest a lot more work. (Which isn't an issue for Big Tech, but for Small Tech and Small Web. Which is exactly what you wanted to avoid.)
Regarding the signature algorithm not supported: maybe you are using SHA-1, which has been deprecated for a looooooooooooooong time and finally got disabled recently? Rejecting SHA-1 CSRs and validation using TLS 1.0 / 1.1 URLs