...
Openssl will create one key at a time where as utilities such as IBM's ikeyman can create both in one step. The private key is needed to complete the CSR. When it comes time for renewal, you can use your existing private key to generate the CSR and public key OR generate a new one.
Wiki Markup \[info\] There is no clear consensus on whether creating a new or using an old private key is considered best practice. It is not
There is no clear consensus on whether creating a new or using an old private key is considered best practice. It is not necessary to create a new private key depending on Info which web server you are using, (ie you'd need to create new private keys due to the way Microsoft IIS Web server handles storing private keys) but it seems the many sites like sslshopper.com recommends that a new private key be created as it avoids confusion and is simplest. Wiki Markup \[info\]
Info
Generate Server Private Key
...