I'm pretty sure you should be using SHA-256. Are you getting that error from the ACME server, or something in your code that's creating the CSR?
This change was announced here; you should subscribe to the API Announcements category if you maintain an ACME client so that you don't get surprised by this sort of thing in the future.