My guess is that you have both a self-signed cert (probably left over from
testing) and the real cert and you're referencing the wrong one. The cert used by Tomcat is defined by the "alias=" attribute and by default, its name is "tomcat".
You can use the keytool -list command to enumerate the certs and private keys in the keystore database. And do pay attention to the difference between a cert and a private key!
Something that might help is the portacle GUI tool for manipulating keystores and certs.
Finally, the keystore is a simple file containing the keystore database. You can copy it and pound on it to you heart's content (as long as you have the password!). So you don't need to actually launch Tomcat while you're setting things up and you don't need to have it stored on the live server while you work on it (although basic security would dictate that you don't just leave it lying in the open, even though it is heavily encrypted.
SSL certs are based on trust. There are a set of core certs pre-installed in JVMs, web browsers, and other SSL participants and installed certs. I did a quick check on GoDaddy, and for my Firefox browser, it appears that one of those certs is for GoDaddy itself. I've been using LetsEncrypt, so the built-in cert at the root of the chain of trust for me is DST Root CA X3 from Digital Signature Trust Co. and that cert is valid until September 30 2021. LetsEncrypt provides the second cert in the chain as Let's Encrypt Authority X3, the end of the chain is my own cert (www.mousetech.com).
Each cert in the chain is vouched for by its parent, so you have to add them starting at the root and working outwards to the end. Otherwise adding a cert will fail because no prior cert is vouching for it.
The chain can be several elements long. I had one cert with a root cert, 2 intermediate certs and the client cert. The second intermediate cert had to be vouched for by the first intermediate cert, which was vouched for by the root cert. And each cert had to have a distinct alias in the keystore. The actual alias name wasn't important, only that it was unique.