René,
As you have found out, "the only way to upgrade a cert/key pair on the CSS is to suspend the
proxy list then make the change.
However, with redundant CSS, the best way is to make cert/key changes on the backup CSS, then the other CSS. This will not disrupt service."
I have searched the archives of requests to the development team and that answer seems to be consistent. (I did not just make up the answer, it is basically a cut-and-paste of previous answers from development)
I am not aware of any effort to change this, as it is a fundamental requirement of how it was designed.
Hope that helps...
-Steve