well - not knowing your environment - but usually I would first update/migrate to ePO 4.6.6 / MA 4.6 (maybe MA 4.8) . On same server or via a temp server (and your're pointing IP/DNS to temp server when ready).
Then, if everything is fine - I woul go for ePO 5.x on a new server. As you may want to change some ports - I would migrate using the "tranfer agents" method (there is a KB aricle ~ move agents from epo 4.6. to epo 5 or so) as in this case your clients would get new port info automatically.
bzw: I really not like using 80/443 either....
Thanks for the reply
Bit of a pain them old agents
The thing is that upgrading every machine to a later version in existing EPO ...... time takes time
wondering what would happen if i would in EPO 5.X do the KB72936 change secure port -> redeploy agents, and yes will take some time -> then when job done (agents upgraded, change back to port 443)