That’s only true if your key is regenerated each time you request an updated certificate. This is not mandatory, and there are lots of guides on the internet for generating a csr from an existing key.
Sure but I don't think that's generally done or recommended. I think people only do that if they have certificate pinning, which on the web is pretty rare and getting rarer as browsers drop support for HPKP.