Upgrading IIS site from .NET 4.8 to Core: how to transfer SSL?

I don’t see my question in the list so I’ll ask it here.

I have an SSL cert for my .NET 4.8 site but now I want to upgrade that site to .NET Core. During my testing, I have created a new IIS site with a sub-domain and that has an SSL cert.

When I’m ready to go live, can I just copy the old “www” .NET 4.8 “.well-known” folder over to .NET Core and re-point the Certify the Web app to that new IIS?

OR

Should I just create a new SSL cert from scratch once I’m pointing to the new .NET Core IIS site?

If you are hosting the new site on the same server as the old site then the only things that need to change are the IIS site bindings. There are no files that you need to copy for the certificates if staying on the same machine.

You can:

  • remove the http and https bindings on the old site in IIS
  • create a new https binding on the new site with the correct website hostname set, enable SNI (Server Name Indication) on the binding, set the IP to (All Unassigned) and select the current certificate. Your site should now work normally with https. If you check the preview tab in Certify it should show that the next renewal will update the https binding as expected.

Alternatively, once you have your new site responding on http with the correct website domain, delete the existing http and https bindings for the old site, delete the existing managed certificates and create a new one for the new site (to avoid confusion). There are lots of ways you could approach it but this is probably simplest.

If you are actually moving to a new server then that’s potentially more complicated - you’d ideally change DNS and wait for the changes to work, then create a new managed certificate on the new server. Again, there are other ways to do it but that’s the simplest.

2 Likes
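
The binding change described in the reply above, scripted with the IIS WebAdministration PowerShell module. This is an added example, not part of the thread or of Certify the Web; the site names and hostname are placeholders, and it assumes the current certificate is in the LocalMachine\My store and lists the hostname exactly (a wildcard certificate would need a different match).

```powershell
# Added example: run in an elevated Windows PowerShell session on the IIS server.
Import-Module WebAdministration

$OldSite  = 'OldSite-Net48'     # hypothetical IIS site name (old .NET 4.8 site)
$NewSite  = 'NewSite-NetCore'   # hypothetical IIS site name (new .NET Core site)
$HostName = 'www.example.com'   # placeholder for the live website hostname

# 1. Locate the current certificate for the hostname before touching any binding.
#    Assumption: it lives in LocalMachine\My and names the host exactly.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.DnsNameList.Unicode -contains $HostName -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert)               { throw "No unexpired certificate for $HostName in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no private key on this machine" }

# 2. Remove the http and https bindings on the old site.
Get-WebBinding -Name $OldSite |
    Where-Object { $_.protocol -in 'http', 'https' } |
    Remove-WebBinding

# 3. Create the https binding on the new site:
#    IP '*' is (All Unassigned), SslFlags 1 enables SNI.
New-WebBinding -Name $NewSite -Protocol https -IPAddress '*' -Port 443 `
    -HostHeader $HostName -SslFlags 1

# 4. Select the current certificate on that binding.
$binding = Get-WebBinding -Name $NewSite -Protocol https -HostHeader $HostName
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# 5. Confirm the result: sslFlags should be 1 and certificateHash should equal
#    the thumbprint found in step 1.
Get-WebBinding -Name $NewSite -Protocol https |
    Select-Object protocol, bindingInformation, sslFlags, certificateHash
"Expected thumbprint: $($cert.Thumbprint)  (expires $($cert.NotAfter))"
```

Because the certificate lookup runs first and throws on failure, the old site keeps its bindings if no usable certificate is found.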

It is the same server, thanks for the details and I’ll share how it goes if I run into any issues.

Another thing you can consider doing is just reconfiguring the existing site in IIS to point to the new app by repointing the Physical path and changing the app pool. Then you wouldn’t have to change anything in Certify.