when generating SSL CSRs, using SHA256 as SHA1 is being phased out, per @konklone

management/web_update.py

@@ -177,6 +177,7 @@ def ensure_ssl_certificate_exists(domain, ssl_key, ssl_certificate, csr_path, en
 		"openssl", "req", "-new",
 		"-key", ssl_key,
 		"-out",  csr_path,
+		"-sha256",
 		"-subj", "/C=%s/ST=/L=/O=/CN=%s" % (env["CSR_COUNTRY"], domain)])
 
 	# And then make the certificate.

setup/ssl.sh

@@ -31,7 +31,7 @@ if [ ! -f $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr ]; then
 	# Generate a certificate signing request if one doesn't already exist.
 	hide_output \
 	openssl req -new -key $STORAGE_ROOT/ssl/ssl_private_key.pem -out $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr \
-	  -subj "/C=$CSR_COUNTRY/ST=/L=/O=/CN=$PRIMARY_HOSTNAME"
+	  -sha256 -subj "/C=$CSR_COUNTRY/ST=/L=/O=/CN=$PRIMARY_HOSTNAME"
 fi
 if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then
 	# Generate a SSL certificate by self-signing if a SSL certificate doesn't yet exist.