> Don’t we already just use the certificates to just negotiate the final encryption keys?
No, since forward-secret key agreement, the certificate private key isn't involved at all in the secrecy of the session keys; the private key only proves the authenticity of the connection / the session keys.
I meant to say agreed-upon encryption protocol, not keys.
Certificates are commonly used to negotiate a symmetric key which I presumed would be vulnerable to quantum computing as well, but apparently AES has some more buffer and also it’s easier to add new negotiated protocols.