If you’re willing to incur some downtime none of the following steps are required, you can simply install win-acme on the new machine and re-request all certificates after the DNS has been switched over.
In the renewal manager you can use the
L option to generate the command line
options that may be helpful to recreate the certificates on the new machine. Note
that depending on your use of win-acme this may not be foolproof. Some things which
are possible to do through the GUI and/or by manipulating
.json files behind the
scenes are impossible to translate to command line arguments. Also you may be missing
certain dependancies on the new machine, such as vault secrets, acme-dns
To migrate to another machine without downtime, you may follow these steps.
The files in the directory that contains
wacs.exe can be copied to the new machine.
Alternatively you can download the latest release, but in that case make sure to
check the upgrade instructions for possible breaking changes to
take into account.
Move the configuration files to the new machine. They are stored in the
that can be customized in settings.json). Move these files
to new other machine.
If you’re using HTTP validation directly from the old machine (which is most common scenario), you will have to update your DNS records* before you can validate host names on the new machine
*) Don’t forget the AAAA/IPv6 records when doing so!
That means that in theory you won’t be able to get certificates before you go “live” on the new machine, which is a problem for services that require continuous availability. To work around this you can:
Test email notification