SSL wildcard certificate missing private key after vendor auto renewal

A vendor (in this case GoDaddy) auto-renewed an existing wildcard SSL certificate. It was renewed against the original CSR, whose server no longer existed.

Upon import to a server (one that already had the private key for the expiring certificate), the new certificate was not associated with a private key and could not be used. The vendor told us to “re-key” the certificate; however, this would invalidate the current, live certificate within 3 days. We could not carefully plan and reconfigure all dependencies within 3 days.

Fortunately the fix was simple. From a server that already has the private key from the previous certificate, extract the thumbprint of the new certificate and run the following:

certutil -repairstore my {thumbprint}

This should locate the private key and associate it with the new cert.
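
The same repair as a PowerShell sequence with a check before and after; this is an added example, not part of the original post. It assumes the new certificate was imported into the Local Computer Personal store and uses a placeholder subject (*.example.com). It first confirms that the new certificate carries the same public key as the old one, which is the condition for the repair to work.

```powershell
# Run in an elevated PowerShell session on the server that holds the old key.
$subjectRegex = 'CN=\*\.example\.com'   # placeholder: your wildcard subject

# All certificates in LocalMachine\My for that subject, newest expiry first.
$certs = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match $subjectRegex } |
    Sort-Object NotAfter -Descending

# The renewed certificate has no key attached; the expiring one does.
$new = $certs | Where-Object { -not $_.HasPrivateKey } | Select-Object -First 1
$old = $certs | Where-Object { $_.HasPrivateKey }      | Select-Object -First 1

if (-not $new) { throw 'No certificate without a private key found for that subject.' }
if (-not $old) { throw 'No certificate with a private key found on this server.' }

# -repairstore can only link a key that matches the certificate's public key.
# A renewal issued against the original CSR keeps that key, so these must be equal.
if ($new.GetPublicKeyString() -ne $old.GetPublicKeyString()) {
    throw 'Public keys differ: the key on this server does not belong to the new certificate.'
}

certutil -repairstore my $new.Thumbprint
if ($LASTEXITCODE -ne 0) { throw "certutil failed with exit code $LASTEXITCODE" }

# Re-read the store entry and confirm the association.
$check = Get-Item "Cert:\LocalMachine\My\$($new.Thumbprint)"
'{0}  HasPrivateKey={1}  NotAfter={2}' -f $check.Thumbprint, $check.HasPrivateKey, $check.NotAfter
```

If the public keys differ, the renewal was not issued for the key pair on this server and the repair cannot succeed from there.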