Hello Bruce and all!
A while ago I wrote a secure webserver, using Clarion 10 and Nettalk 10. It worked fine (LE-wise in updating the certificate) both on my development machine (Win 10 pro) and later on the remote server (W12K) in the data-center. All I had to do was copying the entire directory, adjusting the remote firewall and all were perfect! The used ports are 80 and 443.
Now that this one was so easy, I wanted more!
For internal use I run several webserver on my local LAN. By now all were insecure, all reachable from the outside via port 80. To achieve this, I have the Apache Webserver running, being used as a Reverse Proxy. That means, a domain like blabla.no-ip-com was directed to my LAN. Here that Apache gets the request, looks up, which computer is in charge for this address and passes the request to that internal IP-address:Port. The Apache 2 is running on a Raspberry pi machine, using the ports 80 and 443 for himself. Works fine also!
What I now wanted was to get this new secure webserver being reachable via that Raspberry. So I added the required information to the Apache, opened the secure port for this new webserver in my routers firewall for my development machine. Lets Encrypt find it, send my a certificate. now I have a secure NT-webserver on my LAN, too!
However, thats on my development machine. Its not meant forever, so I copied the entire stuff from here to my local 24/7-server, adjusted the Apache settings on the Raspberry, the firewall settings on my router, ran the server on its new location and .... nothing!
All I get are responses in the webbrowsers like "no cipher overlap" and stuff like that. Each browser has another error message.
Reverting the settings, all is fine now again. The difference between my development machine and the 24/7-server is the OS. My development machine has Wind 10 pro, while the 24/7-server is still W2008K.
My question now: Is the encryption in use depending on the operation system?
Thanks for your patience in reading this long story.