ssllabs / ssllabs-scan

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

Home Page: https://www.ssllabs.com/projects/ssllabs-apis/

Setting TLS 1.3 as minimum TLS version yields a penalty for not supporting TLS 1.2

rmjansen opened this issue

Scanning a site with TLS 1.3 as the minimum required version results in an A. Lowering the minimum required TLS version to 1.2 (with no other changes applied) results in an A+ for the same site. This suggests that the penalty for using outdated TLS versions and not supporting TLS 1.2 is also applied to sites that use TLS 1.3 but do not support TLS 1.2.

Duplicate: #910, #863, #853, #815, #786, #711.
TL;DR: since FALLBACK can’t be tested, you can’t get A+. That’s silly, but the devs never acknowledged this.