Hi Everyone.
I have regenerated the self-signed certificate recently following the "How to simply recreate the certificate for SME Server" section of the "useful commands" document. An ssllabs.com test indicates that an insecure "RSA 2048 bits (SHA1withRSA) Signature algorithm" was used. The cert fingerprint AND pin captured by the report both start with "sha256: xxxxetc...". Puzzling! I have a few small domains on the server that rely on that same cert for https sites/email. No complaints from browsers and email clients though (they work, except that the cert is untrusted because it is self-signed). I also use the OpenVPN contrib for remote access (with some OpenVPN certs in addition).
Is there an obvious setting or interaction between the self-signed and OpenVPN certs that I missed? Would following the 'useful commands' procedure delete any old SHA-1 certs? The certs were automatically recreated annually up to now, before I checked the server. Is one (or all) of the OpenVPN certs the cause (SHA-1?)? Does that contrib use the SHA-1 algorithm? I am not a guru.
I have used, upgraded and updated (current) this server since the v7 era. After resolving this issue, I hope to install Let's Encrypt and retire the self-signed cert.
Thanks in advance for any input!
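The puzzle in the post comes from two different things both being labelled with a hash name: the certificate's *signature algorithm* (the digest the issuer, here the self-signing server, used when signing it, which is what ssllabs.com flags as SHA1withRSA) and the *fingerprint/pin* (a hash the reporting tool computes over the whole certificate just to identify it, and ssllabs.com chooses SHA-256 for that regardless of how the cert was signed). The script below is an added example, not part of the original post and not SME Server's or the OpenVPN contrib's code; it assumes the openssl CLI is in PATH, builds throw-away certificates with a constructed CN (example.test), and shows that a SHA-1 signed cert still gets a "sha256" fingerprint. Point sig_alg at /home/e-smith/ssl.crt/*.crt (or the OpenVPN cert files) to check what is actually deployed.

```shell
#!/bin/sh
# Added example (not from the original post or SME Server): separate a
# certificate's signature algorithm from its fingerprint. Needs openssl in PATH.
set -e
command -v openssl >/dev/null || { echo "openssl CLI required" >&2; exit 1; }

# Print the signature algorithm recorded inside a PEM certificate,
# e.g. "sha256WithRSAEncryption" or "sha1WithRSAEncryption".
sig_alg() {
    openssl x509 -in "$1" -noout -text \
        | grep 'Signature Algorithm:' | head -1 \
        | sed 's/.*Signature Algorithm: *//'
}

# Print the SHA-256 fingerprint of a PEM certificate. "sha256" here is the
# digest the caller picked to identify the cert and says nothing about how it
# was signed. Normalised to "SHA256 Fingerprint=..." because OpenSSL 1.1 and
# 3.x differ in the case of the prefix.
fp_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^sha256/SHA256/'
}

# Create a throw-away self-signed certificate signed with the given digest
# (constructed test data, CN=example.test). Usage: make_cert <digest> <out.pem>
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$2.key" -out "$2" \
        -subj "/CN=example.test" -days 1 "-$1" 2>/dev/null
}

# Succeeds when the certificate is signed with SHA-1, the case ssllabs flags.
signed_with_sha1() {
    case "$(sig_alg "$1")" in
        sha1*) return 0 ;;
        *)     return 1 ;;
    esac
}

demo() {
    dir=$(mktemp -d)
    make_cert sha256 "$dir/sha256.pem"
    echo "sha256-signed cert: sig=$(sig_alg "$dir/sha256.pem")"
    echo "                    $(fp_sha256 "$dir/sha256.pem")"
    # Newer OpenSSL builds may refuse to sign with SHA-1; that refusal is the
    # same policy ssllabs enforces, so just report it instead of failing.
    if make_cert sha1 "$dir/sha1.pem"; then
        echo "sha1-signed cert:   sig=$(sig_alg "$dir/sha1.pem")"
        echo "                    $(fp_sha256 "$dir/sha1.pem")"
    else
        echo "this OpenSSL refuses to create a SHA-1 signed certificate"
    fi
    rm -rf "$dir"
}

demo
```

Both certificates print a "SHA256 Fingerprint=" line, but only the first reports sha256WithRSAEncryption as its signature algorithm; that second line is the one ssllabs.com is grading, so it is the one to check on each deployed cert (the web/mail cert and each OpenVPN cert separately).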