The server uses a weak private key

In a number of OpenSSL implementations on Debian based Linux distributions a serious leak was found when generating the private keys. As a result the private keys generated on the systems for usage with SSH, OpenVPN, DNSSec and SSL are easy to hack. Therefore this leak was extensively covered in the news. More information: 

When the CSR was generated with a known insecure Private Key, our advice is to upgrade the server as soon as possible and to generate a new private key. It's not possible to request certificates with a CSR generated with an insecure private key. Manuals for generating a CSR can be found in our knowledgebase.

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues