SHA2 Support for Domino 8.5.3 FP6 Server?


In this technote from IBM you can find the following answers:

Q1: Can I import the SHA-2 cert on a Domino 9.x server and then use that keyring on a Domino 8.5.x server? No. Domino 8.5.x lacks the cryptographic infrastructure for SHA-2. This means if you import the cert using 9.x and the Interim Fix and KYRTool described above, you can use that keyring on a Domino 9.0 or above server, but not on a Domino server pre-Domino 9.0.

Q2: Can I get a hotfix on 8.5.x or earlier to support SHA-2? No. This is not possible since releases prior to Domino 9.0 lack the cryptographic infrastructure for SHA-2.

Is an update to Domino 9.x the only way to handle this issue? If so, how long will it be before the relevant web browsers (i.e., Firefox and Chrome) drop support for SHA-1?


There are 2 answers

Egor Margineanu (best answer)

Yes, in the long term, upgrading to Domino 9 is the only solution. As a workaround you could use a reverse proxy (e.g. Apache Web Server, NGINX or HAProxy); see https://frostillic.us/blog/posts/6AF303DE836BA02D85257D570058B1CA as an example.

Regarding browser support for SHA-1:

Tode

In order to be able to get SHA-2 certificates with Domino 8.5.3 you could install a reverse proxy in front of Domino and let that one handle encryption. But of course then you have two machines and two different software environments to maintain. And you still have a "very old" software running.

As per this link, the first to abandon SHA-1 support will be Microsoft in January 2016. Chrome will show warnings long before that but still accept them. Firefox will not accept SHA-1 after January 2017. From that point Chrome will also treat them as "affirmatively insecure".

Best advice: update your servers to 9.0.1 as fast as possible. The effort is minimal, and then you can natively handle TLS 1.2.
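A minimal NGINX configuration for the reverse-proxy workaround both answers describe, added here as an example; it is not taken from either answer or from the linked blog post, and the hostname, backend address, ports and certificate paths are placeholders to adapt. It assumes the Domino HTTP task on the backend host serves plain HTTP on port 80 over a trusted internal network segment.

```nginx
# Added example (not from the original answers): NGINX terminates TLS with a
# SHA-256-signed certificate and forwards plain HTTP to a Domino 8.5.3 server.
# All names, addresses and paths below are placeholders.
server {
    listen 443 ssl;
    server_name domino.example.com;

    # The SHA-2 certificate chain and private key live on the proxy, not in
    # the Domino keyring, so Domino's lack of SHA-2 support no longer matters.
    ssl_certificate     /etc/nginx/tls/domino.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/domino.example.com.key;

    # Only TLS 1.2 with forward-secret AEAD suites on the public side.
    ssl_protocols             TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers               ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;

    location / {
        # Backend hop to the Domino HTTP task is unencrypted, so keep it on a
        # trusted internal segment (the "second machine" mentioned above).
        proxy_pass         http://domino-backend.internal:80;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
    }
}

# Redirect plain HTTP on the proxy so clients never use the unencrypted path.
server {
    listen 80;
    server_name domino.example.com;
    return 301 https://$host$request_uri;
}
```

Once the proxy is in place, the Domino server's own HTTP port should be reachable only from the proxy (firewall or bind address), otherwise the SHA-1 or unencrypted path stays exposed.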