First of all, a private key is needed before genreate a signing request. Either
use openssl
openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048
openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr
or use Azure key vault specially