Laz is a web genius. He is a pro, I think. Maybe he’s feeling generous and can give some free assistance.
Laz?
Google has broken SHA-1 encryption
By breakable, it means that the same hash can occur for two different websites/users. The odds are very low but it can happen. HTTPS requires that there be no hash collisions (problems can emerge from that) and also that it not be crackable (unencryptable by third parties). The odds of SHA-1 being crackable are low-to-moderate, though, by people with the right skills and hardware. At some point, SHA-1 will become universally forbidden across the internet.
If JohnRob is still on SHA-1, it is a relatively painless change to upgrade to SHA-2. I'm not sure about SHA-256 but I imagine it is as simple a process. It requires one change in the code (usually), and the use of a newly-issued secure site cert (in the appropriate flavor).
Justa, while you are officially correct, (NIST FIPS-104 compliance allows SHA-1) most of the Federal agencies are moving to SHA-2, 3, 254, or 256 on internal guidance.