I am going to be replacing a server because it has old hardware for a
new server. The server im replacing has master replicas and is also
our Certificate Authority.
What is the best practise on going about replacing it??

Would you move the current cert auth to a different server, then remove
the server and add the new one and then transfer the Cert Auth back.

Or as someone has suggested just delete the current cert remove the
server then when you add it back in you then then get told there is no
cert authority and it makes the new server being added the certificate

Then perform pkidiags and sdidiags on all servers.

Any Thoughts?