So, here's the thing: PayPal is rolling out a security update on June 17th 2016. A friday, for the joy of all developers and agencies I think. Those who are not prepared and did not check the requirements first will have websites/shops with a non-working PayPal integration after June 17th.
The main 2 points are:
PayPal is upgrading SSL certificates on all Live and Sandbox endpoints from SHA-1 to the stronger and more robust SHA-256 algorithm. You will need to update your integration to support certificates using SHA-256.
Discontinue use of the VeriSign G2 Root Certificate