SHA-1 is completely deprecated and considered insecure and unsafe for all purposes. I doubt we've done anything to cripple it in ConfigMgr, however, Windows may have.
Moving your PKI infra to SHA-2 is unrelated to your DC unless you actually have your CA set up on a DC in which case it's time to probably create a new PKI. that's a much bigger discussion though and not directly related to ConfigMgr and I'd highly recommend that you involve a PKI smart person in that conversation and effort.
Also, keep in mind that with the latest versions of ConfigMgr, you do not need to use a PKI to support remotely connected Internet clients thus if that's your sole purpose for using PKI certs you may also consider moving away from them. This will depend on your full requirements including non-ConfigMgr related security requirements that your org may have.