Forcing transition to SHA-2 is good. But around the edges are some very disturbing discussions.
Short-lived certs with 2-3 day expiration mean any SSL website can be removed from the internet within 2-3 days by the CA cartel. Consider if a politically inconvenient website has a physical server in freedom-loving Elbonia, and is widely known by a hostname in the Elbonian ccTLD. But no CA "trusted" by all major browsers does business only in Elbonia. Revocation lists are not always checked, but expiration time is.
Key word is identity; key issue is control of identity as a strategic matter. Very convenient confusion results from too much focus on tactical matters with obvious solutions such as hash algo, online key rotation, etc. (while major players ignore or drag their feet on the best solutions).
Smart people here, please fill in the blanks. (Maybe I will put up a longer post... but I do not like long posts.) Smart people also mentioned how it doesn't matter to "certify" with a CRC32, when TLAs and criminals (redundant term) can so easily get a "valid" cert trusted by some trust root in major browsers' CA bundle. Now take it to the next level!