Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: Jemian; knarf; John Robinson; Jim Robinson; Spktyr; bar sin·is·ter; Justa; usconservative
SHA-1 HTTPS encryption is breakable (but not yet easily crackable).

Google has broken SHA-1 encryption

By breakable, it means that the same hash can occur for two different websites/users. The odds are very low but it can happen. HTTPS requires that there be no hash collisions (problems can emerge from that) and also that it not be crackable (unencryptable by third parties). The odds of SHA-1 being crackable are low-to-moderate, though, by people with the right skills and hardware. At some point, SHA-1 will become universally forbidden across the internet.

If JohnRob is still on SHA-1, it is a relatively painless change to upgrade to SHA-2. I'm not sure about SHA-256 but I imagine it is as simple a process. It requires one change in the code (usually), and the use of a newly-issued secure site cert (in the appropriate flavor).

Justa, while you are officially correct (NIST FIPS-104 compliance allows SHA-1), most of the Federal agencies are moving to SHA-2, 3, 254, or 256 on internal guidance.

43 posted on 03/03/2017 11:02:45 AM PST by Lazamataz (The "news" networks and papers are bitter, dangerous enemies of the American people.)
[ Post Reply | Private Reply | To 15 | View Replies ]


To: John Robinson

Personally, I’d up the game to SHA-256. Probably just as much work and you should be good for 10-20 years, barring some major computer breakthrough.


44 posted on 03/03/2017 11:04:26 AM PST by Lazamataz (The "news" networks and papers are bitter, dangerous enemies of the American people.)
[ Post Reply | Private Reply | To 43 | View Replies ]

To: Lazamataz

My organization has killed SHA-1 completely as of two years ago. There are several vulnerabilities associated with it.

Chrome is definitely enforcing the rejections of typically insecure certificates as part of the browser security model. They have also built in FIDO support for 2FA.


46 posted on 03/03/2017 11:27:34 AM PST by bar sin·is·ter
[ Post Reply | Private Reply | To 43 | View Replies ]



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson