Hi, i have very wierd issue, i installed lets encrypt certificate 3 month ago without any problem but when i tried to renew my certificate [cuz it will expire on 19/02/2022] i got an error in the client browser : The client and server don't support a common SSL protocol version or cipher suite
If you access the website now you will not get any error but if i renew i get that error and the output of SSL Labs is :
as fas as i'm concerned my server uses only 3 weak cipher suite which makes all client reject ssl handshake but the weird thing is why the first lets encrypt certificate is still working and the issue happen only after renew ??
My domain is: www.mahakim.ma, mahakim.ma
My web server is (include version): IIS (Version 10.0.17763.1)
The operating system my web server runs on is (include version): Windows Server 2019 (10.0, Version 17763)
My hosting provider, if applicable, is: On premise
I can login to a root shell on my machine : yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): IIS Control panel
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): win-acme 184.108.40.206
Try updating the ciphers that Windows is set to support.
The simplest way is with a tool from Nartac, called IISCrypto.
See: Nartac Software - Download
[note: The changes are made into the registry, and thus require a reboot to take effect]
thank you for your reply
i already did that with iiscrypto as you mentionned and rebooted but i still having this issue
should i regenerate the certificate after this change ???
The certificate doesn't control the ciphers Windows uses.
So, no; Renewing/changing the cert won't do anything to help you with this problem.
you get those ciphers because i removed https from the website
if you notice i setup redirection module to redirect https to http so client will not notice any issue
till now i still have this big problem of ciphers
In what world?
Ciphers are used in encryption.
HTTP does not encrypt; Thus, HTTP will never use any ciphers.
Are you able to open a web browser (edge or chrome) on the same machine running win-acme and browse to
https://acme-v02.api.letsencrypt.org/directory - if so that would suggest your current supported levels of TLS and Cipher suites are fine.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.