This post https://techcommunity.microsoft.com/blog/iis-support-blog/error-hresult-0x80070520-when-adding-ssl-binding-in-iis/377281 made me suspect a problem during import.

I got rid of the HRESULT: 0x80070520 message by deleting and re-importing the certificate, with “Allow this certificate to be exported” checked.