Currently, the SSL management (for NodeWorx as well, I think) requires a certificate be deleted before a new one can be added. This sets up a window of time that the end user of the website will get SSL errors.
SSL issuers encourage submitting a completely new private key / CSR. This isn't possible without entirely breaking the SSL configuration from the time the new private key is generated to the time the SSL issuer approves the order.
The SSL certificate must be deleted, then a new one installed. The end user would be receiving SSL warnings between those steps.
The SSL chain certificate must be deleted, then a new one installed. The end user would be receiving SSL warnings between those steps. Additionally, if the chain certificate does not apply to the SSL certificate, the SSL certificate installed in point 2 would be invalid.
I recommend changing the input UI to edit all components at once, including the possibility of generating a new private key / CSR.
At no point should any of the SSL components being edited get installed into the live configuration until the user clicks an "Install SSL Configuration" button. Everything before that click should be editing SSL files that are not affecting the live user experience.
Basically, it should be possible to install or replace a SSL certiciate with no downtime on the HTTPS side.