SHA1 certificates are being phased out in the industry. Most browsers treat SHA1 certificates as insecure as of 1 January 2016. After 1 January 2017 connectivity with SHA1 certificates may be blocked by browsers.
Some Certificate authorities are issuing SHA256 certificates that have SHA256 intermediate certificates but retain old SHA1 root certificates. While this is currently allowed  it can cause inconsistent failures and connection issues.
For most reliable connectivity CA certificates with a SHA1 root should be replaced with SHA256.
The SHA1 hashing algorithm is considered to be insecure and is deprecated by most authorities as of 1 January 2016.
Web browsers treat SHA1 certificates as untrusted.