diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7155fa0d7..fe806de29 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ Certbot adheres to [Semantic Versioning](https://semver.org/).
 
 * Don't send OCSP requests for expired certificates
 * Return to using platform.linux_distribution instead of distro.linux_distribution in OS fingerprinting for Python < 3.8 
+* Updated the Nginx plugin's TLS configuration to keep support for some versions of IE11.
 
 ### Fixed
 
diff --git a/certbot-nginx/certbot_nginx/constants.py b/certbot-nginx/certbot_nginx/constants.py
index 92dc9e79d..fbf6ed424 100644
--- a/certbot-nginx/certbot_nginx/constants.py
+++ b/certbot-nginx/certbot_nginx/constants.py
@@ -37,6 +37,10 @@ ALL_SSL_OPTIONS_HASHES = [
     '02329eb19930af73c54b3632b3165d84571383b8c8c73361df940cb3894dd426',
     '108c4555058a087496a3893aea5d9e1cee0f20a3085d44a52dc1a66522299ac3',
     'd5e021706ecdccc7090111b0ae9a29ef61523e927f020e410caf0a1fd7063981',
+    'ef11e3fb17213e74d3e1816cde0ec37b8b95b4167cf21e7b8ff1eaa9c6f918ee',
+    'af85f6193808a44789a1d293e6cffa249cad9a21135940800958b8e3c72dbc69',
+    'a2a612fd21b02abaa32d9d11ac63d987d6e3054dbfa356de5800eea0d7ce17f3',
+    '2d9648302e3588a172c318e46bff88ade46fc7a16d6afc85322776a04800d473',
 ]
 """SHA256 hashes of the contents of all versions of MOD_SSL_CONF_SRC"""
 
diff --git a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-old.conf b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-old.conf
index a678b0507..731e38919 100644
--- a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-old.conf
+++ b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-old.conf
@@ -10,4 +10,4 @@ ssl_session_timeout 1440m;
 ssl_protocols TLSv1.2;
 ssl_prefer_server_ciphers off;
 
-ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA";
diff --git a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls12-only.conf b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls12-only.conf
index 1933cbc4f..33771a189 100644
--- a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls12-only.conf
+++ b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls12-only.conf
@@ -11,4 +11,4 @@ ssl_session_tickets off;
 ssl_protocols TLSv1.2;
 ssl_prefer_server_ciphers off;
 
-ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA";
diff --git a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls13-session-tix-on.conf b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls13-session-tix-on.conf
index 52fdfde24..91197d2c8 100644
--- a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls13-session-tix-on.conf
+++ b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls13-session-tix-on.conf
@@ -10,4 +10,4 @@ ssl_session_timeout 1440m;
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_prefer_server_ciphers off;
 
-ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA";
diff --git a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx.conf b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx.conf
index 978e6e8ab..98b1c4ab9 100644
--- a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx.conf
+++ b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx.conf
@@ -11,4 +11,4 @@ ssl_session_tickets off;
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_prefer_server_ciphers off;
 
-ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA";