Can I get an SHA-256 certificate when the CSR is for SHA-1?
It's possible because the signature of a CSR is only used to prove that you are indeed the owner of the private key that matches the public key embedded in the CSR. Once the CA (RapidSSL in your case) decides that the CSR is valid, its signature becomes meaningless for the further process of creating the certificate and is effectively discarded.
For the full gory details on what's in a certificate, see RFC 5280, section 4.1.2.
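
The flow described in the answer, as an added example that is not part of the original answer: a CSR self-signed with SHA-1 goes to a stand-in CA, which issues a certificate signed with SHA-256 over the same public key. The CA name, subject, and file names are constructed, and the script assumes an `openssl` CLI whose local policy still permits SHA-1 signing.

```shell
#!/bin/sh
# Added illustration; every name, subject and file here is constructed.
# Assumes an openssl CLI whose policy still permits SHA-1 signing.
demo_csr_vs_cert_hash() {
    work=$(mktemp -d) || return 1
    status=0
    (
        cd "$work" || exit 1
        # Stand-in CA (hypothetical): self-signed root with its own key.
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
            -subj "/CN=Demo CA" -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # Subscriber: new key pair and a CSR whose self-signature uses SHA-1.
        openssl req -new -newkey rsa:2048 -nodes -sha1 \
            -subj "/CN=www.example.test" -keyout site.key -out site.csr \
            2>/dev/null || exit 1
        # CA: x509 -req checks the CSR self-signature (proof of possession),
        # then signs a new certificate with the CA key and the CA's digest.
        openssl x509 -req -in site.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -sha256 -days 1 -out site.crt 2>/dev/null || exit 1
        # Read the signature algorithm recorded in each object.
        csr_alg=$(openssl req -in site.csr -noout -text |
            awk '/Signature Algorithm/ {print $3; exit}')
        crt_alg=$(openssl x509 -in site.crt -noout -text |
            awk '/Signature Algorithm/ {print $3; exit}')
        # Only the subject data and public key carry over from the CSR.
        csr_pub=$(openssl req -in site.csr -noout -pubkey)
        crt_pub=$(openssl x509 -in site.crt -noout -pubkey)
        [ "$csr_pub" = "$crt_pub" ] && key=same-key || key=different-key
        echo "$csr_alg $crt_alg $key"
    ) || status=$?
    rm -rf "$work"
    return "$status"
}

demo_csr_vs_cert_hash
```

The certificate's signature is computed by the CA with its own key, so the digest is whatever the CA selects (`-sha256` here), independent of the digest used on the CSR.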