Ssl – IIS: Can connect to website via http but not https

httpsiislets-encryptsslwindows-server-2019

I can connect to my site via http but not via https.

In FireFox I get:

Secure Connection Failed. An error occurred during a connection to www.example.com. PR_CONNECT_RESET_ERROR

In Chrome I getL

This site can’t be reachedThe connection was reset.

Strange thing is that this Let's Encrypt certificate used to work (I'm trying to figure out what I changed that could've impacted this):
enter image description here

Bindings in IIS are set to use the correct certificate:
enter image description here
enter image description here

Registry keys (I've also set DisabledByDefault=1 for TLS 1.1):
enter image description here

netsh http show sslcert output:

Hostname:port                : www.example.com:443
Certificate Hash             : cdd3c28a460bdf024930a5e1a7fcc799fb9ea72e
Application ID               : {4dc3e182-e14b-4a21-b022-59fc669b0914}
Certificate Store Name       : WebHosting
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check                  : Enabled
Revocation Freshness Time    : 0
URL Retrieval Timeout        : 0
Ctl Identifier               : (null)
Ctl Store Name               : (null)
DS Mapper Usage              : Disabled
Negotiate Client Certificate : Disabled
Reject Connections           : Disabled
Disable HTTP2                : Not Set
Disable QUIC                 : Not Set
Disable TLS1.2               : Not Set
Disable TLS1.3               : Not Set
Disable OCSP Stapling        : Not Set
Disable Legacy TLS Versions  : Not Set

Hostname:port                : example.com:443
Certificate Hash             : cdd3c28a460bdf024930a5e1a7fcc799fb9ea72e
Application ID               : {4dc3e182-e14b-4a21-b022-59fc669b0914}
Certificate Store Name       : WebHosting
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check                  : Enabled
Revocation Freshness Time    : 0
URL Retrieval Timeout        : 0
Ctl Identifier               : (null)
Ctl Store Name               : (null)
DS Mapper Usage              : Disabled
Negotiate Client Certificate : Disabled
Reject Connections           : Disabled
Disable HTTP2                : Not Set
Disable QUIC                 : Not Set
Disable TLS1.2               : Not Set
Disable TLS1.3               : Not Set
Disable OCSP Stapling        : Not Set
Disable Legacy TLS Versions  : Not Set

Not sure if relevant, but when I test my site via SSL Labs I get an A+.

I already looked here:
Installed SSL for domain, now getting connection reset error

UPDATE 1
I enabled SSL for my website (and restarted):
enter image description here

Best Answer

It was because I had added key "TLS 1.3" to registry in

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

When removing that key everything works again.

Related Topic