For closure here, this is a pressumed "certificate signing request" that was generated and placed in the .csr file, which needed to be signed by a real person (using the personal key your.cert) in order to be accepted by a certificate signing authority (like "Let's Encrypt" which is what I use). Did I get it right? (for everybody else's reading benefit)