Hmm... changing the Patch Manager console should not have (by itself) changed the cert that is used for 3rd party packaging. The 'private' portion of that cert lives on the WSUS server in the WSUS certificate store. The public version is deployed to the Trusted Root Certification Authorities and Trusted Publishers certificate stores on the Patch Manager server(s), the WSUS server, and all the clients that will be receiving 3rd party updates from that WSUS server.
Basically, when you publish a 3rd party package using Patch Manager to your WSUS server, the WSUS server will "sign" that update with the certificate. Later, when a machine needs to get that 3rd party update from WSUS (whether it is part of a normal patching cycle or you have used one of our tasks to deploy the update), the target machine needs a copy of that cert so it can confirm that it matches the cert the update was signed with.
So, if the certificate on the WSUS server has changed, you might need to redistribute it, and you can typically use domain Group Policy to do so. The Patch Manager administrator guide has a section on how to distribute the cert to those two certificate stores mentioned earlier using group policy. There is also a "Certificates Management" task in Patch Manager that you can run against a machine or group of machines to deploy the cert out to the proper stores without using Group Policy.
Side note: if your cert on your WSUS server DID change, all previous updates that were published with the OLD cert aren't valid any longer; you would need to either delete them off the WSUS server (if they are no longer needed) or republish them with the option to "re-sign existing selected packages" checked in the publishing wizard.