Can I use my old CSR?

Some web servers allow this, but we recommend (for security reasons) a new CSR with every renewal.

If you use the original CSR and someone previously acquired the private key without your knowledge, there is still a risk that you will be attacked during encrypted sessions.
If you are using a new CSR, no one with the private key will be able to decrypt your encrypted sessions if you apply the new certificate issued by the new CSR.