ebekker / ACMESharp

An ACME client library and PowerShell client for the .NET platform (Let's Encrypt)
https://pkisharp.github.io/ACMESharp-docs/

TLS 1.0 required? #353

Closed x-perienced closed 6 years ago

x-perienced commented 6 years ago

Hi. Since the best practice is to disable TLS 1.0 and TLS 1.1, I did on one of our Windows servers. The problem is that using MSPC with Let's Encrypt stopped working. I tried everything without any good result until I once again enabled TLS 1.0, and that solved all. My question is: why is it using TLS 1.0? Can you please tell me how to have the deprecated TLS disabled but still use Let's Encrypt?

Best regards

ebekker commented 6 years ago

https://blogs.perficient.com/2016/04/28/tsl-1-2-and-net-support/

In PWSH, you can also do:

[System.Net.ServicePointManager]::SecurityProtocol = "Tls12";

x-perienced commented 6 years ago

Thank you. I tried this but I still get errors when using the MSPC. I get: "Could not validate the choosen hostname for the certificate. No certificate issued." Here are the settings on the server (image: tls-settings-server2012r2). I run all updates and all .NET versions updated.

ebekker commented 6 years ago

Also, global system-wide changes:

# Set strong cryptography on 32-bit .NET Framework (version 4 and above) so TLS 1.2 or above is used
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
# Same setting for 64-bit .NET Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

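
Added example, not part of the original thread or of ACMESharp: a read-only PowerShell audit that checks whether the two `SchUseStrongCrypto` values above are in place and reports the session's `SecurityProtocol`. It goes beyond the thread by also reading the standard SCHANNEL client protocol keys (a path assumed here, not shown on the page); `Get-RegValue` is a hypothetical helper name.

```powershell
# Read-only audit: changes nothing, only reports current state.
$netKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319',             # 64-bit .NET 4.x
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319'  # 32-bit .NET 4.x
)
# Assumption: standard SCHANNEL protocol location (not quoted in the thread).
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$report = @()

# 1. SchUseStrongCrypto must be 1 in BOTH registry views, or 32-bit and
#    64-bit .NET processes on the same host will behave differently.
foreach ($key in $netKeys) {
    $v = Get-RegValue -Path $key -Name 'SchUseStrongCrypto'
    $report += [pscustomobject]@{
        Setting = "$key\SchUseStrongCrypto"
        State   = if ($null -eq $v) { '(not set)' } else { "$v" }
        Ok      = ($v -eq 1)
    }
}

# 2. SCHANNEL client side: TLS 1.2 must not be disabled; TLS 1.0/1.1 count
#    as hardened only when explicitly disabled (a missing value = OS default).
foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    $enabled = Get-RegValue -Path "$schannel\$proto\Client" -Name 'Enabled'
    $state = if ($null -eq $enabled) { 'OS default' }
             elseif ($enabled -eq 0) { 'Disabled' } else { 'Enabled' }
    $ok = if ($proto -eq 'TLS 1.2') { $state -ne 'Disabled' } else { $state -eq 'Disabled' }
    $report += [pscustomobject]@{ Setting = "SCHANNEL $proto (Client)"; State = $state; Ok = $ok }
}

# 3. This PowerShell process only: other processes keep their own value.
$sp = [System.Net.ServicePointManager]::SecurityProtocol
$report += [pscustomobject]@{
    Setting = 'ServicePointManager.SecurityProtocol (this session)'
    State   = "$sp"
    Ok      = ($sp.HasFlag([System.Net.SecurityProtocolType]::Tls12) -or [int]$sp -eq 0)
}

$report | Format-Table -AutoSize -Wrap
```

A `SecurityProtocol` of `SystemDefault` (0) is reported as OK because the choice is then left to the operating system settings in part 2.
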
ebekker commented 6 years ago

Hmm, not sure why you would get that particular error. What is MSPC?

Do you have any proxy services in the middle between your servers and the outside world?

x-perienced commented 6 years ago

Thank you. I've applied your settings and restarted the server but I keep getting the same error. If I enable TLS 1.0 all is OK. And I use no proxy.

x-perienced commented 6 years ago

Hi again. I found the problem for the last domains that had the problem. They all run Umbraco. I renamed the web.config, installed Let's Encrypt, and all OK. I renamed the web.config back and all is OK.