DA, Let's Encrypt and SHA1

Ch3vr0n

I hope this is the proper section, if not please move.

I'm running the latest DA with all installed plugins up to date. I was wondering why DA still allows SHA1 to be used for requesting a "Let's Encrypt" certificate. SHA1 is no longer secure and is being "punished" by browsers. I can understand the 2048/4096 bits option, but SHA1 is asking for trouble with certificate issuing. That option should be removed.
 

I'm confused. The certificates that I'm seeing and the code in the letsencrypt.sh all show SHA256. Exactly what is still SHA-1 that you are concerned about?

Kevin
 
When you fill in a small form to request a cert from Let's Encrypt, you can choose SHA256 or SHA1.

DirectAdmin stopped supporting CentOS 5 as of March 2018; since then, support for SHA1 can be dropped as well, I'd say.
 

I missed that on the form, I didn't even think submitting a SHA1 would work. Agree, it should be taken out.

I would also prefer that it default to 2048 or have it as an option in conf.

Kevin
 