Forgot one point:
1. delete "crypto pki trustpoint"
2. delete the .cer file in nvram
3. then rename the switch to something else
4. then create the ssh key and do a write
5. then rename the switch back to it's original name and "wr" and finish!
Then never make ssh generate again on that switch