Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: www.surfgate.be
I ran this command: Certify The Web + DigiCertUtil
It produced this output: This server supports TLS 1.0 and TLS 1.1. Grade capped to B
My web server is (include version): IIS 10
The operating system my web server runs on is (include version): Windows Server 2016
My hosting provider, if applicable, is: Own servers
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
As Jurgen said this is all web server configuration, and has nothing to do with the Certificate. You need to configure IIS to use TLSv1.2, especially with Google Chrome’s new updates coming out with showing a site not secure if it does not support the TLSv1.2 protocol.
Hi. Do changes also have to be made in letsencrypt/options-ssl-apache.conf ?? I recently sorted out some Apache servers and had to amend the following two files in order to pass:
I activated in the register (added) the TLS 1.2 protocol and disabled 1.0 and 1.1.
However, It remains activated even after several reboots (in the middle of the night) and didn’t find a proper solution to disable the older TLS versions or to force to use only TLS 1.2 on IIS 10.
Windows server 2016 (also 2019) doesn’t support TLS 1.3 (yet).
Nice! More than likely won’t see TLSv1.3 support in Windows for a while. Not actually supported in Linux OpenSSL under 1.1.x, meaning not CentOS 7 or Ubuntu 18.04.
