Trying to connect to an API on a website. I can connect from Windows 10, Server 2016, and Server 2019, but not from Server 2012 R2.
Using WinHttp SendRequest, the error is 12175. "One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server." (Microsoft)
Reading online, it seemed to point to a WinHttp problem with TLS 1.1/1.2. I did some investigation using ProcMon and saw that PowerShell uses WinHttp during Invoke-WebRequest. Calling the web API via Invoke-WebRequest gave the exception message: "The request was aborted: Could not create SSL/TLS secure channel"
So, I found some websites and tried to enable TLS 1.1 and TLS 1.2 on the Server 2012 R2 box. Here is some PowerShell for the changes and the results:
# Schannel protocol keys: lists the Client/Server subkeys and their values
dir 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1'
dir 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
echo ""
echo "WinHttp Default Secure Protocols"
# WinHttp DefaultSecureProtocols bitmask, 64-bit and 32-bit (Wow6432Node) views
(Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp' DefaultSecureProtocols).DefaultSecureProtocols
(Get-ItemProperty 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp' DefaultSecureProtocols).DefaultSecureProtocols
The results are:
Hive: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1
Name Property
---- --------
client DisabledByDefault : 0
Server DisabledByDefault : 0
Hive: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2
Name Property
---- --------
Client DisabledByDefault : 0
Server DisabledByDefault : 0
WinHttp Default Secure Protocols
2560
2560
And on top of all this, I went to Group Policy and tried enabling the FIPS algorithm. Still can't get it to work using SendRequest in WinHttp.dll or Invoke-WebRequest using PowerShell.
At the beginning of the PowerShell script with Invoke-WebRequest, I also tried setting the security protocol at the start of the script:
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12
And it is reported as: Ssl3, Tls, Tls11, Tls12
I put in the website at ssllabs.com and it reported it is using TLS 1.2 and no others.
Reported cipher suites of:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq. 3072 bits RSA) FS 256
What else am I missing trying to get past this protocol error using WinHttp and/or PowerShell?
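Added example, not code from the original post: a PowerShell audit script that collects, in one run, the settings that decide what Schannel on the client can negotiate (protocol keys including the Enabled value, which the dir output above does not show; the WinHttp DefaultSecureProtocols bitmask decoded from its WINHTTP_FLAG_SECURE_PROTOCOL_* bits, where 2560 = 0xA00 = TLS 1.1 + TLS 1.2; the .NET Framework SchUseStrongCrypto / SystemDefaultTlsVersions values), compares the local cipher suite list against the three suites SSL Labs reported for the server, and performs a raw TLS 1.2 handshake with .NET's SslStream so that a Schannel-level failure can be told apart from a WinHttp- or Invoke-WebRequest-level one. The $Hostname parameter is an assumption, since the post does not name the API host; the $serverSuites list is constructed from the SSL Labs lines in the post. One thing the script cannot see from the registry and that is worth checking on the server side: Schannel on Windows 8.1 / Server 2012 R2 supports only the NIST curves (P-256, P-384, P-521) for ECDHE, and x25519 support arrived with Windows 10 1607 / Server 2016. SSL Labs reports the curve its own client negotiated, so if the server accepts only x25519, a 2012 R2 client cannot complete the key exchange no matter how the protocol keys are set.

```powershell
<#
  Added example (not from the original post). Run in an elevated PowerShell 5.x
  session on the affected Server 2012 R2 host:
      .\Test-TlsClientConfig.ps1 -Hostname api.example.invalid
  $Hostname is an assumed parameter; the API host in the question is not named.
#>
param(
    [Parameter(Mandatory = $true)][string]$Hostname,
    [int]$Port = 443
)

$schannel  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$policySsl = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$localSsl  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002'

function Get-SchannelProtocolState {
    # Reports Enabled and DisabledByDefault for one protocol and side (Client/Server).
    # An absent key or value means the OS default applies; Enabled=0 disables the
    # protocol outright even when DisabledByDefault is 0.
    param([string]$Protocol, [string]$Side)
    $key = Join-Path $schannel "$Protocol\$Side"
    $enabled = 'absent (OS default)'
    $disabledByDefault = 'absent (OS default)'
    if (Test-Path $key) {
        $p = Get-ItemProperty -Path $key
        if ($null -ne $p.Enabled)           { $enabled = $p.Enabled }
        if ($null -ne $p.DisabledByDefault) { $disabledByDefault = $p.DisabledByDefault }
    }
    [pscustomobject]@{ Protocol = $Protocol; Side = $Side; Enabled = $enabled; DisabledByDefault = $disabledByDefault }
}

function ConvertFrom-DefaultSecureProtocols {
    # Decodes the bitmask using the WINHTTP_FLAG_SECURE_PROTOCOL_* values.
    # 2560 = 0xA00 = TLS 1.1 (0x200) + TLS 1.2 (0x800), the value shown in the question.
    param([int]$Value)
    $flags = [ordered]@{ 'SSL 2.0' = 0x08; 'SSL 3.0' = 0x20; 'TLS 1.0' = 0x80; 'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800; 'TLS 1.3' = 0x2000 }
    $names = foreach ($k in $flags.Keys) { if ($Value -band $flags[$k]) { $k } }
    if ($names) { $names -join ', ' } else { 'none' }
}

function Get-WinHttpDefaultSecureProtocols {
    # Both the 64-bit view and the Wow6432Node view matter: a 32-bit process reads the latter.
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft') {
        $key = "$root\Windows\CurrentVersion\Internet Settings\WinHttp"
        $v = (Get-ItemProperty -Path $key -Name DefaultSecureProtocols -ErrorAction SilentlyContinue).DefaultSecureProtocols
        $decoded = if ($null -eq $v) { 'absent (OS default)' } else { ConvertFrom-DefaultSecureProtocols $v }
        [pscustomobject]@{ Key = $key; Value = $v; Protocols = $decoded }
    }
}

function Get-DotNetTlsPolicy {
    # SchUseStrongCrypto=1 / SystemDefaultTlsVersions=1 make .NET 4.x follow the OS
    # protocol set instead of its own older default; Invoke-WebRequest is a .NET client.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{ Key = $key; SchUseStrongCrypto = $p.SchUseStrongCrypto; SystemDefaultTlsVersions = $p.SystemDefaultTlsVersions }
    }
}

function Get-LocalCipherSuites {
    # A Group Policy order (REG_SZ, comma separated) wins over the OS default order
    # (REG_MULTI_SZ). Windows before 2016 names ECDHE suites with a _P256/_P384 suffix.
    foreach ($key in $policySsl, $localSsl) {
        $f = (Get-ItemProperty -Path $key -Name Functions -ErrorAction SilentlyContinue).Functions
        if ($f) { if ($f -is [string]) { return $f -split ',' } else { return $f } }
    }
}

function Test-Tls12Handshake {
    # Raw TLS 1.2 handshake via SslStream: a failure here is Schannel (protocol, suite,
    # curve or certificate), not WinHttp; success here with WinHttp still failing
    # points at the WinHttp/.NET layer instead.
    param([string]$TargetHost, [int]$TargetPort)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($TargetHost, $TargetPort)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($TargetHost, $null, [System.Security.Authentication.SslProtocols]::Tls12, $true)
        [pscustomobject]@{ Host = $TargetHost; Protocol = $ssl.SslProtocol; Cipher = $ssl.CipherAlgorithm; Bits = $ssl.CipherStrength; KeyExchange = $ssl.KeyExchangeAlgorithm; Hash = $ssl.HashAlgorithm; Error = $null }
    } catch {
        [pscustomobject]@{ Host = $TargetHost; Protocol = $null; Cipher = $null; Bits = $null; KeyExchange = $null; Hash = $null; Error = $_.Exception.GetBaseException().Message }
    } finally { $client.Close() }
}

Write-Host '== Schannel protocol keys =='
$(foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') { foreach ($side in 'Client', 'Server') { Get-SchannelProtocolState $proto $side } }) | Format-Table -AutoSize
Write-Host '== WinHttp DefaultSecureProtocols =='
Get-WinHttpDefaultSecureProtocols | Format-Table -AutoSize
Write-Host '== .NET Framework TLS policy =='
Get-DotNetTlsPolicy | Format-Table -AutoSize

Write-Host '== Server suites (from the SSL Labs report in the post) vs. local suite list =='
$serverSuites = 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'
$local = @(Get-LocalCipherSuites)
$(foreach ($s in $serverSuites) {
    $match = @($local | Where-Object { $_ -like "$s*" })
    [pscustomobject]@{ ServerSuite = $s; ClientHas = ($match.Count -gt 0); LocalName = ($match -join ', ') }
}) | Format-Table -AutoSize

Write-Host "== Raw TLS 1.2 handshake to ${Hostname}:$Port =="
Test-Tls12Handshake -TargetHost $Hostname -TargetPort $Port | Format-List
```

If every server suite shows ClientHas = False (Server 2012 R2 has no CHACHA20 suite at all, so that row is expected to be False, but the two AES-GCM rows should match), the overlap is the problem rather than the protocol keys. If the suites overlap and the raw handshake still fails, the error message from SslStream names the Schannel-level cause; if the raw handshake succeeds, the remaining suspects are the WinHttp option set by the calling process and the .NET policy values above.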