If I understood it correctly, the problem is he doesn't have a key file, OR the only one he has is self-signed.
Well, AFAIK, you send a certificate request (server.req.pem) to CACERT and *never* your private key... then, they give you a certificate back... So you should have kept the corresponding key file (server.key.pem). If you didn't do that, then you have a problem :P.
Using cacert.org
I think I've got this sorted out now.
When I first requested the cert, I used the info in server.req.pem, but cacert's system gave me an error message. Something about missing info in the request data. So I manualy entered the missing data.
I recently requested a new certificate using the server.req.pem data and this time all went well and I got my certificate and it works fine.
Lets hope that when I get my server back running on the Linux system, it will continue working. 
When I first requested the cert, I used the info in server.req.pem, but cacert's system gave me an error message. Something about missing info in the request data. So I manualy entered the missing data.
I recently requested a new certificate using the server.req.pem data and this time all went well and I got my certificate and it works fine.
Lets hope that when I get my server back running on the Linux system, it will continue working.