Virtualmin PPA uses weak digest algorithm (SHA1)

apt update gives:

W: Signature by key 31D2B18872EAF68EFB81F81DE8DD3FA0A0BDBCF9 uses weak digest algorithm (SHA1)

2 threads 4 years ago were already notifying this:

already reported this.

Now, Ubuntu aptitude and apt update issue warnings about those weak certificates. And apticron sends me a mail per server every day about this.

Any chances to put that pending item a bit up in the pile ? (could not reply to old auto-closed topics, so creating a new one).

1 Like


Thanks for the heads up.

@Joe Is there an easy way to fix that?

You’re using old repos. I can’t change the signing key on the old repos. It’d be a breaking change for all old installs.

The /vm/6 repos (which have been around for several years) use a newer algorithm.

Thank you Joe!
That was the solution! (suggestion: would be nice if the old repo could have a deprecation message with instructions to upgrade to new one).

For other readers, here is what I did to upgrade the Virtualmin GPL installs to new repo:

curl -L | apt-key add -
vi /etc/apt/sources.list

and replace:

deb virtualmin-xenial main
deb virtualmin-universal main


deb virtualmin-xenial main
deb virtualmin-universal main

This topic was automatically closed 4 days after the last reply. New replies are no longer allowed.