Ssl security not working with IIS for chrome

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version): windows VPS with GoDaddy

The operating system my web server runs on is (include version): windows 2019

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): plesk obsedian

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): not sure

why is our site not fully secure in google chrome?

1 Like

Welcome to the community @ispace

Could you explain more what you mean by "not fully secure in google chrome"? Is there a message on a browser? What version of chrome and on what system (android, iOS, ...).

As background, on Sept 30 a Lets Encrypt root certificate expired and has caused various issues. Your server is sending a proper Lets Encrypt "short chain" as is common with IIS now. Earlier, your server would have sent the "long chain" for best compatibility with older android systems. Below are a couple links with details. We will need more info about your specific problem to assist more. Thanks


thanks so much for your reply, please look at the ssllabs report where you can see that there is an issue with TLS support and thats why we dont get an A grade


Oh, I guess you are concerned with this line then? Not sure what this has to do with chrome but ...

This server supports TLS 1.0 and TLS 1.1. Grade capped to B. MORE INFO »

Just follow that link for MORE INFO (also shown below) and it explains you should remove support for older TLS versions from your server config. I do not know how to do that for IIS but maybe someone else will assist if you do not know how.


thats right, i need a fix for this that i can apply withing plesk so that we can get an A grade


OK, well, this is a forum to help with Lets Encrypt certificates. Questions about configuring your server for TLS with Plesk is best addressed to your hosting company GoDaddy.


they have no solution for this issue


we have other ssl certificates with godaddy but they dont give us the tls errors


It has nothing to do with the certificate. I realize GoDaddy / Plesk may have it setup so they are configured at the same time but the certificate is not involved in the TLS versions used by your server. Maybe try a forum with GoDaddy experts using IIS to see what they have done. Or, try to see what is different about your other GoDaddy setups and apply that here.


I would like to concur with my fellow volunteer @MikeMcQ: TLS certificates can be used by any TLS protocol, be it the older SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2 and newer. The certificate has no influence over the TLS protocol version used! This is a webserver configuration issue.

Also, I'm not sure how the grade B cap due to enabled older TLS protocol versions relates to the site not working in Chrome: I don't see the relationship to be honest, so perhaps you can clarify what the main goal is here: Chrome support or SSLLabs grade support?


Welcome to the Let's Encrypt Community :slightly_smiling_face:


It's your server, you can make it do whatever you want it to.
You just have to ask the right question (in the right place).
So far you haven't asked the right question nor have they been in the right place.

That said, @griffin has gone above and beyond to read through the lines and provide you with the right answer to a question you haven't yet asked.
Which is what? Then "What is the right question?"
Well, it's not a Plesk related question nor setting, it is a Windows OS question/setting.
To which the answer should be: You can Enable/Disable TLS protocols within Win2019.
[which can be easily done by using the Nartac product IISCrypto - link provided above]


thanks everybody for your input, i wish there was an easy way to deal with such issues within the plesk control panel


There's not. I looked. I gave you the easiest solution that I found. :slightly_smiling_face:


I can confirm that (the free tool) IISCrypto is currently the easiest tool to use, Click 'best practices', then apply and reboot.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.