1.2.3 Creating CSRs from Existing Certificates
You can save yourself some typing if you’re renewing a certificate and don’t want to make any changes to the information presented in it. With the following command, you can create a brand-new CSR from an existing certificate:
$ openssl x509 -x509toreq -in fd.crt -out fd.csr -signkey fd.key
Unless you’re using some form of public key pinning and wish to continue using the existing key, it’s best practice to generate a new key every time you apply for a new certificate. Key generation is quick and inexpensive and reduces your exposure in case of a compromise that went undetected.