The client and server don't support a common SSL protocol version or cipher suite

mustapha · February 18, 2022, 10:14am

Hi, i have very wierd issue, i installed lets encrypt certificate 3 month ago without any problem but when i tried to renew my certificate [cuz it will expire on 19/02/2022] i got an error in the client browser : The client and server don't support a common SSL protocol version or cipher suite
If you access the website now you will not get any error but if i renew i get that error and the output of SSL Labs is :

as fas as i'm concerned my server uses only 3 weak cipher suite which makes all client reject ssl handshake but the weird thing is why the first lets encrypt certificate is still working and the issue happen only after renew ??

My domain is: www.mahakim.ma, mahakim.ma

My web server is (include version): IIS (Version 10.0.17763.1)

The operating system my web server runs on is (include version): Windows Server 2019 (10.0, Version 17763)

My hosting provider, if applicable, is: On premise

I can login to a root shell on my machine : yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): IIS Control panel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): win-acme 2.1.20.1

rg305 · February 19, 2022, 12:29am

Try updating the ciphers that Windows is set to support.
The simplest way is with a tool from Nartac, called IISCrypto.
See: Nartac Software - Download
[note: The changes are made into the registry, and thus require a reboot to take effect]

mustapha · February 19, 2022, 5:45am

thank you for your reply
i already did that with iiscrypto as you mentionned and rebooted but i still having this issue
should i regenerate the certificate after this change ???

rg305 · February 19, 2022, 6:41am

The certificate doesn't control the ciphers Windows uses.
So, no; Renewing/changing the cert won't do anything to help you with this problem.

rg305 · February 19, 2022, 6:47am

I see more ciphers now:

mustapha · February 20, 2022, 4:58pm

you get those ciphers because i removed https from the website
if you notice i setup redirection module to redirect https to http so client will not notice any issue
till now i still have this big problem of ciphers

rg305 · February 20, 2022, 11:51pm

In what world?
Ciphers are used in encryption.
HTTPS encrypts.
HTTP does not encrypt; Thus, HTTP will never use any ciphers.

webprofusion · February 21, 2022, 4:07am

Are you able to open a web browser (edge or chrome) on the same machine running win-acme and browse to https://acme-v02.api.letsencrypt.org/directory - if so that would suggest your current supported levels of TLS and Cipher suites are fine.

system · March 23, 2022, 4:07am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Update your client software to continue using Let's Encrypt Help	9	935	February 6, 2021
LEts Encrypt certificates and cipher suites Server	2	7272	June 8, 2016
Second IIS binding not updated on renewal? - letsencrypt-win-simple Help	4	1373	July 28, 2017
Problem with renewing and creating certificate with let's encrypt Server	2	1194	March 27, 2017
Renewing Let's Encrypt SSL certificate Help	3	712	March 6, 2020

The client and server don't support a common SSL protocol version or cipher suite

Related topics