SHAAAAAAAAAAAAA
Check your site for weak SHA-1 certificates. Open source, by @konklone.
has a certificate chain signed with .
If Chrome still says the site uses SHA-1, it's probably a chain caching bug on your computer.
has a certificate, but needs to update its intermediates.
is using .
See the details at SSL Labs, or start over.
There was an error checking . Check the developer console for details.
Check above to see if a site is still using certificates that were issued using the dangerously outdated SHA-1 signature algorithm.
As of January 1, 2016, no publicly trusted CA is allowed to issue a SHA-1 certificate. So any new certificate you get should automatically use a SHA-2 algorithm for its signature.
However, existing SHA-1 certificates are still trusted by modern browsers and operating systems. Generally, they will be removing support for SHA-1 entirely by January 1, 2017.
Legacy clients will continue to accept SHA-1 certificates, and it is possible to have requested a certificate on December 31, 2015 valid for 39 months. So, it is possible to see SHA-1 certificates in the wild that expire in 2019.
Credits
This website is an open source project, and includes a command line tool — please lend a hand!
Thanks to Mathias Bynens, Justin Mayer, and Jonny Barnes for inspiration and assistance.