Windows win-acme failed to Let's Encrypt API End point

Hi, recently I got this error
"2025-07-04 12:39:49.765 -07:00 [ERR] Failed to create order
System.Net.Http.HttpRequestException: An error occurred while sending the request.
---> System.Net.Http.WinHttpException (80072F8F, 12175): Error 12175 calling WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, 'A security error occurred'.
at System.Threading.Tasks.RendezvousAwaitable1.GetResult() at System.Net.Http.WinHttpHandler.StartRequestAsync(WinHttpRequestState state) --- End of inner exception stack trace --- at PKISharp.WACS.Services.ProxyService.LoggingHttpClientHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken) at ACMESharp.Protocol.AcmeProtocolClient.SendAcmeAsync(Uri uri, HttpMethod method, Object message, HttpStatusCode[] expectedStatuses, Boolean skipNonce, Boolean skipSigning, Boolean includePublicKey, CancellationToken cancel, String opName) at ACMESharp.Protocol.AcmeProtocolClient.SendAcmeAsync[T](Uri uri, HttpMethod method, Object message, HttpStatusCode[] expectedStatuses, Boolean skipNonce, Boolean skipSigning, Boolean includePublicKey, CancellationToken cancel, String opName) at ACMESharp.Protocol.AcmeProtocolClient.GetDirectoryAsync(String relativeUri, CancellationToken cancel) at PKISharp.WACS.Clients.Acme.AcmeClient.<>c__DisplayClass23_0.<<EnsureServiceDirectory>b__1>d.MoveNext() --- End of stack trace from previous location --- at PKISharp.WACS.Clients.Acme.AcmeClient.Backoff[T](Func1 executor, Int32 attempt)
at PKISharp.WACS.Clients.Acme.AcmeClient.EnsureServiceDirectory(AcmeProtocolClient client)
at PKISharp.WACS.Clients.Acme.AcmeClient.ConfigureAcmeClient()
at PKISharp.WACS.Clients.Acme.AcmeClient.GetClient()
at PKISharp.WACS.Clients.Acme.AcmeClient.CreateOrder(IEnumerable`1 identifiers)
at PKISharp.WACS.Clients.Acme.OrderManager.CreateOrder(String cacheKey, Target target)"

For fixing that connection, I applied some of cipher suites. But What I applied those ciphers were worked fine on some VMs. but from other VMs were not.

Q1. What is the root cause and how can I fix that issue?
Q2. Recently is there any update on LE endpoint regarding TLS connection?
Q3. and is there any universal cipher suites for LE endpoints which can be applicable from Windows 2012 and higher OS version?

Thanks

Yes, there was a recent change that has affected older Windows servers. Please see below post that explains the change and its linked article for the changes you should make to your system.

2 Likes