I could agree, but I for sure expect many support request like “I’ve configured Let’s Encrypt but I still see the old certificate on cockpit”.
We had plenty of such requests on the NethGUI when the reload async fails.
Probably I prefer the current behavior but less support requests.
Maybe @nrauso or @filippo_carletti have different opinions.
remove the restart of cockpit-ws, to avoid the session cut off
display a warning, trying to explain that to prevent disconnection the new certificate is applied to cockpit itself 90 seconds after all sessions are closed.