Fixed my own problem by sidestepping the RemoteDesktopServices module.
@Anonymous thanks for that input, I'm 100% confident that would have been a working answer, however in my case I didn't want to spin up a second host for the minimal use RDGateway I needed.
making use of the WMI route in PS I was able to assign the cert to the RDGateway service:
# Gets us the incoming cert details from Certify
param($result)
# Thumbprint of the new certificate
$newCertHash=($result.ManagedItem.CertificateThumbprintHash)
# Convert to byte array
$ByteArray = ($newCertHash -Split "(?<=\G\w{2})(?=\w{2})" | ForEach {[Convert]::ToByte($_,16)})
# Set certificate via WMI because RemoteDesktopServices module is a pile of shite
$wmi = (Get-WmiObject -Class "Win32_TSGatewayServerSettings" -Namespace "root\cimv2\terminalservices")
$wmi.SetCertificate($ByteArray)
# Restart RD Gateway Service
Restart-Service TSGateway