Commit 6fc8d37

Add link to cipher suite fix
1 parent b2d1687 commit 6fc8d37

1 file changed

+5
-1
lines changed

docs/guides/troubleshooting.md

Lines changed: 5 additions & 1 deletion
Original file line number, Diff line number, Diff line change
@@ -9,10 +9,14 @@ If you see this type of error reported by the UI, see [Background Service](../ba
99
## Issues communicating with the CA
1010
In normal use the app must be able to talk to the ACME API for your chosen Certificate Authority (e.g. Let's Encrypt). If you see an error reported such as `The ACME service (directory) is unavailable.` this would indicate your machine is not able to establish communication with the CA service.
1111

12+
Common Error Messages:
13+
- *CA ACME Directory is not accessible*
14+
- *Could not create SSL/TLS secure channel*
15+
1216
Common reasons for connectivity issues include:
17+
- TLS 1.2 not enabled or **an incompatible set of TLS ciphers is enabled**. We recommend using the IIS Crypto tool from Nartac in Best Practises mode to configure general TLS settings. Let's Encrypt changed their API in May 2025 which did affect older Windows systems and we have a [suggested fix.](https://community.certifytheweb.com/t/fix-could-not-create-ssl-tls-secure-channel-when-attempting-a-certificate-order-with-lets-encrypt-or-ca-acme-directory-is-not-accessible/2558)
1318
- A service outage at the CA, check our [Certificate Authorities](certificate-authorities.md) list to see if your CA has a status info page.
1419
- Blocking outgoing https (TCP port 443, outgoing) in Windows Firewall or at the network level.
15-
- TLS 1.2 not enabled or an incompatible set of TLS ciphers is enabled. We recommend using the IIS Crypto tool from Nartac in Best Practises mode to configure general TLS settings.
1620
- Inability to communicate via common cloud based service providers such as Cloudflare (perhaps due to IPv6 routing issues or some kind of blocking).
1721

1822
To see if there is a connectivity issue, find out the ACME API endpoint for your chosen CA and check you can communicate with it, e.g. for Let's Encrypt, using PowerShell:
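
Review bot: The added bullet at new line 17 says the May 2025 Let's Encrypt API change "did affect older Windows systems" but does not say which Windows versions are affected or which of the two error messages added at new lines 13-14 it produces, so a reader cannot tell whether the bullet applies to them without following the link. Suggest naming the affected versions (or pointing to the linked post for them) and stating that both listed messages point to this cause, as the link slug suggests. Two smaller points: the link text `[suggested fix.]` includes the sentence's full stop, which belongs outside the brackets; and the unchanged intro paragraph still quotes `The ACME service (directory) is unavailable.` while the new list gives *CA ACME Directory is not accessible*, so it is worth saying whether these are the same condition or two different messages.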
