One of the certificates is signed with a SHA1 signature. We recommend that you reissue or replace this certificate with one that uses a SHA-2 signature. Contact your SSL provider about how to do this. Read more about the SHA-1 deprecation here

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:fxpackage.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

hi
after export xertficate fullchain i have an error when checking the cert sslshopper

One of the certificates is signed with a SHA1 signature. We recommend that you reissue or replace this certificate with one that uses a SHA-2 signature. Contact your SSL provider about how to do this. Read more about the SHA-1 deprecation here.

1 Like

Your chain isn’t what it should be:

Certificate chain
 0 s:CN = fxpackage.com
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:O = Digital Signature Trust Co., CN = DST Root CA X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
 2 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3

As you can see, you’re also sending the root certificate as the second cert in your chain. This is not necessary and it’s probably the reason of the SHA-1 error. Which by the way isn’t a problem for root certificates.

Rebuild your fullchain so it only sends certificates 0 and 2 of the above list (i.e., your end leaf certificate and the intermediate certificate).

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.