Why do I get this APT warning: Signature by key [...] uses weak digest algorithm (SHA1)?

As per the comments:

SHA1 is assumed weak, therefore Debian decided to switch to stronger hashing algorithms back in March 2016.

Therefore, if operating APT repositories: Deprecate SHA1 and switch (at least) to SHA256.

See this Debian wiki article for a summary regarding the reasoning and this one which keeps track of broken / fixed (upstream) repositories.