GoDaddy makes it easy to buy an SSL/TLS certificate for a Windows Server running IIS. The difficulty comes during the renewal process.
GoDaddy will just automatically renew the certificate and send you an email to download the information. This is an issue because you didn't create a new certificate request in IIS, so there is no existing request to complete in IIS with the information they send you. As a result, their documentation doesn't work as expected. Once you complete steps 27-30, the certificate will just disappear from the Server Certificates section, since there was no matching request.
Download your updated files from GoDaddy. The .zip file will contain three files, like:
The .crt and the .pem files are both the public part, in different formats, of the public/private key pair used by IIS. You need to get the private key, and GoDaddy doesn't have it.
Since this is a certificate renewal, you already have the private key stored in IIS! Now you just need to get it.
Make sure you have WSL installed on your Windows 10/11 PC. We are going to use a Linux tool (openssl) to manipulate the certificate. Open the app "Ubuntu on Windows". This will open a terminal to your WSL Ubuntu instance.
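- cd /
  to change directory to the root of the Ubuntu file system
- cd /mnt/c/data
  to change directory to the C:\data folder on your Windows PC. The c/data part should correspond to whichever folder you copied "temp.pfx" to
- openssl pkcs12 -in temp.pfx -nocerts -out priv-key.pem -nodes
  to extract the private key from temp.pfx into priv-key.pem (-nodes writes it without a passphrase)
- openssl pkcs12 -inkey priv-key.pem -in 32f1fede5cde5dd.pem -export -out mynewcert.pfx
  to combine that private key with the renewed certificate into mynewcert.pfx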
Certificate renewal only needs to be done every year or two so it's difficult to remember the steps. Note that you can probably also install some version of "openssl" directly on Windows, but I was more comfortable just using the Ubuntu version. Remember to clean up your .pfx files when done.
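Because GoDaddy renews without a new request, the existing key pair is the only link between the downloaded certificate and IIS, so it is worth confirming the two match before running the second openssl command above. The following is an added example, not part of the original post; the function names cert_matches_key and make_samples and the throwaway keys and certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a renewed certificate belongs to the private key
# exported from IIS before combining them into a new .pfx.

# Exit 0 when the certificate's public key equals the public key derived
# from the private key, 1 on mismatch, 2 when either file cannot be parsed.
cert_matches_key() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 2
    [ "$cert_pub" = "$key_pub" ]
)

# Constructed sample input: two throwaway RSA keys and a self-signed
# certificate for the first one, written to a private temp directory.
# Prints the directory path.
make_samples() (
    umask 077    # key files readable by the current user only
    dir=$(mktemp -d) || exit 1
    for name in a b; do
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$dir/$name.key" 2>/dev/null || exit 1
    done
    openssl req -x509 -new -key "$dir/a.key" -subj "/CN=example.test" \
        -days 1 -out "$dir/a.crt" 2>/dev/null || exit 1
    echo "$dir"
)

# Demo on the constructed samples.
dir=$(make_samples) || exit 1
if cert_matches_key "$dir/a.crt" "$dir/a.key"; then
    echo "match: certificate and key belong together"
fi
if ! cert_matches_key "$dir/a.crt" "$dir/b.key"; then
    echo "mismatch: this key did not produce this certificate"
fi
rm -rf "$dir"    # remove the throwaway keys
```

On the real files the call would be cert_matches_key 32f1fede5cde5dd.pem priv-key.pem. Since -nodes leaves priv-key.pem unencrypted, that file needs the same cleanup as the .pfx files.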