Convert .crt file to .cer and .key

You don't need to convert a CRT to a PFX. You can convert a CRT to a CER, and from there you can load it into the Certificate Store.

https://support.comodo.com/index.php?/Knowledgebase/Article/View/361/17/how-do-i-convert-crt-file-into-the-microsoft-cer-format

1. Right-click the CRT file and select "Open".
2. Navigate to the "Details" tab.
3. Click "Copy to File..."
4. Click "Next".
5. Select the "Base-64 encoded X.509 (.CER)" option, and click "Next".
6. Give your export file a name (e.g., "www.mysite.com-2019.cer"), and click "Save".
7. Click "Next".
8. Confirm the details, and click "Finish".
9. Open IIS, and navigate to the "Server Certificates" page.
10. Click "Complete Certificate Request" (on the right-nav).
11. Select your new CER file, specify a friendly name of your choosing (e.g., "www.mysite.com-2019"), and click "OK".

You should see the new cert listed in the "Server Certificates" page, under the "Friendly Name" that you chose.

Is the private key in the certificate file? In other words, in there a section that starts with

-----BEGIN RSA PRIVATE KEY-----

in the file?

If not, then the private key is stored in a separate file.

In any case, to renew a certificate, you don't need a certificate, but a certificate signing request (CSR), which you will send to the CA, and you will receive the certificate in return (alternatively, in some cases the CA may generate a new certificate using the previous stored CSR).

You can generate a new key with:

openssl genrsa -out <private key file name> 2048

then generate the CSR with:

openssl req -new -key <private key file name> -out <csr file name>

You keep the key, send the CSR to the CA. On return, you get the certificate, which together with the intermediate certificates and the private key, should be provided to the software used. In some cases they need to be in separate files, in others you can just lump them up together in a single file.