As you have found we do generate new Self Signed certs on a reboot.
Steps should be ensure you have set the SHA setting to match your third party cert(I'd hope SHA256),
-If you are changing from one SHA setting to another then delete the existing certs and reboot.
-If this settings is already correct you can just delete the existing self signed certs and continue with the adding instructions.
For those that are looking for full instructions see this doc: How to Add a Third Party Certificate to a Cloud Service Appliance
Okay, that makes perfect sense. Thank you!