SSL_PROTOCOL_ERROR in IIS 7.5

Dear Gurus!

My domain is: livesbook.ru

I installed the certificate obtained with Crypt-LE le64.exe

My web server is Windows server 2008 R2
I use IIS 7.5 and have full control off server

I load .pfx file into IIS, set binding this sertificate to livesbook.ru and get ssl_protocol_error (this site cannot provide a secure connection).
How to fix the error?
P.S. When open certificate in IIS I see: This certificate could not be verified by tracing it
to a trusted certificate authority
crt error

You are using the Staging version of the Let's Encrypt API, which is generally used for testing. I think you need to call it with --live instead.

3 Likes

Thank you, very much! I have corrected
crt error
but same error.

I don't think your cert is the biggest problem (see SSL checker link here).

But, many SSL config problems are shown by the SSL Labs report and a grade of F.
https://www.ssllabs.com/ssltest/analyze.html?d=livesbook.ru&hideResults=on

General advice on configuring servers is best done at communities focused on that server

4 Likes

As @MikeMcQ says you need to configure your server for modern TLS, which is harder for such an old operating system.

On Windows I generally use the best practises mode of the IIS Crypto tool to configure necessary registry settings.

I would advise moving your application to a modern version of Windows server or if windows isn't strictly required use a Linux server.

5 Likes

Thank you very much everyone, very fast and professional answers, I am very pleased.
I tried yesterday to open livesbook from ie-11 and everything is ok. Chrome and Opera said that the site is using an unsupported protocol, and Firebird said that the site may not support tls version 1.2, the minimum possible for firebirds. I will upgrade the protocols.
Later , of course, I will update the OS, now the current work takes all the time, but the time has come)
Naturally, I will switch to Linux and Python.
Great to work with you!

4 Likes

Ok in all browsers! Thanks all!

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.