Using external SSL certificates with Winhost

Today I installed an SSL certificate onto a Winhost-hosted site. I didn't want to pay for a certificate from their business partners, so I needed to generate and load an external one. They gave me a CSR, which made things a little trickier than usual. My usual way of getting Let's Encrypt certificates is just to generate a completely fresh one, but that tool can take an external CSR. That requires also having a pre-generated private key PEM, and I can't find a way to conveniently do that on Windows. Fortunately, it's not too hard to generate a key with OpenSSL on Bash on Ubuntu on Windows. After moving that out where Windows applications can see it, I got a signed certificate from it. Winhost wants the PEM version of the certificate file, so -ExportCertificatePEM works as usual.