Just like my renewal in 2014 I acted on receiving an email about my certificates expiring. The free certificate’s default Secure Hash Algorithm used to be of type SHA1.
Startssl.com offers the adviced SHA256 as the default for the free class 1 certificate. Just make sure to leave it to the default or select SHA2 (default) in the generate key step. When the key is imported in Synology it will show it is SHA256.
The first issue with SSL in 2016 has been resolved. Prepare for the worst and hope for the best 😉