I have a group of domains on one server. They share the ssl certificates generated by the getssl script. The sites are served by Apache 2.4 on a Debian server. For most users, including me, it works fine. Firefox and IE shows the green lock symbol with the Let’s Encrypt certificate information.
The strange thing is, some users, on some of these domains, cannot access the sites. In IE, they get the error message:
Activate TLS 1.0, TLS 1.1 and TLS 1.2 in the extended settings…
These settings are active.
All these sites have the same entries in the apache virtual host settings. However, even the same users that get the error, can access other of my domains, that also have the same settings.
Here is my apache config:
SSLEngine on SSLCompression off SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 SSLHonorCipherOrder on SSLProtocol All -SSLv2 -SSLv3