So that's only the RSA-based cipher suites, which will mean that you can't connect to any systems using ECDSA, which is a bigger and bigger part of the Internet.
The ECDSA ones shouldn't be considered "weak". Even if you don't want to use the Nartac software directly, their list of best practice cipher suites looks pretty good to me.
The Microsoft cipher suite documentation (click through the link there to your specific OS version) says,
- To use group policy, configure SSL Cipher Suite Order under Computer Configuration > Administrative Templates > Network > SSL Configuration Settings with the priority list for all cipher suites you want enabled.
So that's probably the "official" method, though I think the utility is just doing the same thing under the hood. How did you disable these cipher suites in the first place? You can probably use the same method to reenable the ECDSA ones.
Be aware that Let's Encrypt regularly changes where they're validating from. They need to make sure that you control the domain name as seen from everywhere on the Internet, since they're issuing a certificate that's valid for everywhere on the Internet. I'm going to post again the link that Bruce posted: