"uses the SHA1withRSA signature algorithm which is considered a security risk."

For some reason Certbot seems to return a final certificate using SHA256withRSA which is weak. See certificate number 4 in the keytool list output below.

Here are the commands I used. I deleted some hashes and stuff I didn't think was relevant and replaced them with ...:

$ $JAVA_HOME/bin/java --version
openjdk 11.0.11 2021-04-20
OpenJDK Runtime Environment (build 11.0.11+9-Ubuntu-0ubuntu2.18.04)
OpenJDK 64-Bit Server VM (build 11.0.11+9-Ubuntu-0ubuntu2.18.04, mixed mode, sharing)

$ sudo $JAVA_HOME/bin/keytool \
>     -alias jettyMjl \
>     -dname "CN=dev.memoryjoggerlibrary.com, OU=MJL, O=PlanBase Inc., L=Methuen, ST=Massachusetts, C=US" \
>     -ext SAN=dns:dev.memoryjoggerlibrary.com \
>     -genkeypair \
>     -keyalg EC \
>     -groupname secp256r1 \
>     -keystore /home/mjl/dev/etc/keystore \
>     -sigalg SHA256withECDSA \
>     -storetype pkcs12 \
>     -validity 825

$ sudo $JAVA_HOME/bin/keytool -certreq \
>     -alias jettyMjl \
>     -file mjl_dev.csr \
>     -keyalg EC \
>     -keystore /home/mjl/dev/etc/keystore

$ sudo certbot certonly \
>     --manual \
>     --csr mjl_dev.csr \
>     --preferred-challenges dns
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for dev.memoryjoggerlibrary.com

Successfully received certificate.
Certificate is saved at:            /home/gpeterso/Documents/planbase/goalQpc/memJogLib/0000_cert.pem
Intermediate CA chain is saved at:  /home/gpeterso/Documents/planbase/goalQpc/memJogLib/0000_chain.pem
Full certificate chain is saved at: /home/gpeterso/Documents/planbase/goalQpc/memJogLib/0001_chain.pem
This certificate expires on 2022-01-12.

NEXT STEPS:
- Certificates created using --csr will not be renewed automatically by Certbot. You will need to renew the certificate before it expires, by running the same Certbot command again.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

$ sudo $JAVA_HOME/bin/keytool -importcert \
>     -alias jettyMjl \
>     -trustcacerts \
>     -file 0001_chain.pem \
>     -keystore /home/mjl/dev/etc/keystore

$ sudo $JAVA_HOME/bin/keytool -v -list -keystore /home/mjl/dev/etc/keystore
Enter keystore password:  
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: jettymjl
Creation date: Oct 14, 2021
Entry type: PrivateKeyEntry
Certificate chain length: 4
Certificate[1]:
Owner: CN=dev.memoryjoggerlibrary.com
Issuer: CN=R3, O=Let's Encrypt, C=US
Serial number: 45f894d181e6dcb03b0250364637af78bff
Valid from: Thu Oct 14 17:10:44 EDT 2021 until: Wed Jan 12 16:10:43 EST 2022
...
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 256-bit EC (secp256r1) key
Version: 3
...

Certificate[2]:
Owner: CN=R3, O=Let's Encrypt, C=US
Issuer: CN=ISRG Root X1, O=Internet Security Research Group, C=US
Serial number: 912b084acf0c18a753f6d62e25a75f5a
Valid from: Thu Sep 03 20:00:00 EDT 2020 until: Mon Sep 15 12:00:00 EDT 2025
Certificate fingerprints:
	 SHA1: A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05
	 SHA256: 67:AD:D1:16:6B:02:0A:E6:1B:8F:5F:C9:68:13:C0:4C:2A:A5:89:96:07:96:86:55:72:A3:C7:E7:37:61:3D:FD
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
...

Certificate[3]:
Owner: CN=ISRG Root X1, O=Internet Security Research Group, C=US
Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.
Serial number: 4001772137d4e942b8ee76aa3c640ab7
Valid from: Wed Jan 20 14:14:03 EST 2021 until: Mon Sep 30 14:14:03 EDT 2024
Certificate fingerprints:
	 SHA1: 93:3C:6D:DE:E9:5C:9C:41:A4:0F:9F:50:49:3D:82:BE:03:AD:87:BF
	 SHA256: 6D:99:FB:26:5E:B1:C5:B3:74:47:65:FC:BC:64:8F:3C:D8:E1:BF:FA:FD:C4:C2:F9:9B:9D:47:CF:7F:F1:C2:4F
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3
...

Certificate[4]:
Owner: CN=DST Root CA X3, O=Digital Signature Trust Co.
Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.
Serial number: 44afb080d6a327ba893039862ef8406b
Valid from: Sat Sep 30 17:12:19 EDT 2000 until: Thu Sep 30 10:01:15 EDT 2021
Certificate fingerprints:
	 SHA1: DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
	 SHA256: 06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39
Signature algorithm name: SHA1withRSA (weak)
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
...

Warning:
<jettymjl> uses the SHA1withRSA signature algorithm which is considered a security risk. This algorithm will be disabled in a future update.

My web server is (include version):
jetty 10.0.6, but it's not even involved yet. This is just the Java 11 Keytool so far.

The operating system my web server runs on is (include version):
Ubuntu 18.04.6 LTS

My hosting provider, if applicable, is:
Just on my desktop.

I can login to a root shell on my machine (yes or no, or I don't know):
I use sudo. I guess I can set up a root shell if I have to, or sudo into one. So yes. But let's not unless it's really required.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.20.0

The SHA1 certificate in the chain is DST Root CA X3, a very old root certificate.

If you look at the certificate, you can see that its notbefore date is from the year 2000, so its SHA-1 signature was made more than 20 years ago - when SHA-1 was still considered secure.

Nowadays it's forbidden to issue new certificates with SHA-1, but old (root) certificates usually don't get re-signed. This is also generally not necessary and not a security risk in this case, as it's a root certificate included in the clients trust store - it is not send over the wire and it is self-signed, so its signature isn't security relevant anyway. Some linters tend to complain whenever they see a SHA-1 signed certificate, even if it's not a problem for the given certificate.

I would recommend to just ignore that warning, as it's just that - a warning.

2 Likes

Try using the shorter chain:

sudo certbot certonly \
     --manual \
     --csr mjl_dev.csr \
     --preferred-challenges dns \
     --preferred-chain "ISRG Root X1"