Did you ever have to re-sign the Application and Deployment manifest for a VSTO 3.0 ClickOnce add-in?
My customer had written a VSTO 3.0 add-in but could not publish(ClickOnce) it directly as he did not have access to the production environment. Further more there was a need to change a setting in the config file. He create a Web Setup project to deploy all the file and also altered the config file using a custom action in the setup project.
Changing the config file invalidated the hash and now the application and deployment manifest for the add-in had to be resigned. In case you have never done it before, below are links to a very good blog post and a Channel9 video on how to re-sign the VSTO 3.0 manifests using MAGE.
Re-signing ClickOnce Application and Deployment Manifests with MAGE
https://channel9.msdn.com/posts/funkyonex/Resigning-ClickOnce-Application-and-Deployment-Manifests-with-MAGE/
Signing and re-signing manifests in ClickOnce
https://blogs.msdn.com/vsto/archive/2009/04/29/signing-and-re-signing-manifests-in-clickonce.aspx
Enjoy!