@My1 that would be fine if you knew who your users were, but a general web site can’t know that. Also, unless they start in http, you can’t even tell them anything, because all they get is a frightening message about someone trying to attack them before we have any opportunity to communicate with them, or drop back to http. It’s not even like a self-signed certificate - the browser simply won’t let the user proceed at all. So if, for example, someone follows a link in an email or another web site, or a Google search (which probably covers 90% of the cases!), as far as they are concerned it is a web site that just doesn’t work, when other similar sites do work because they got their certificate elsewhere.
In 5 year’s time maybe XP will be at such a low level that it is discountable, but as Facebook and Twiiter have been demonstrating recently, they think a big enough proportion of their traffic is coming from XP that they can’t afford to drop support for it.
Having said that, my site visitor who hit this for real is in California and should know better. But maybe his PC is one that isn’t able to be upgraded for whatever reason. In this case I do actually have contact with many of the people who use that site, but that’s not the point - it’s about the ability of LE to work peoprly on the wider anonymous internet where XP is still at 10 or 15% of the market worldwide.