Crossed-signed chain
cat example.com.crt GandiStandardSSLCA2.pem USERTrustRSAAddTrustCA.crt > example.com.sha2crossed.crt
Let’s Encrypt
$ sudo apt-get install certbot -t jessie-backports $ certbot certonly -w /var/www/example.com -d example.com --config-dir ~/letsencrypt/etc --work-dir ~/letsencrypt/lib --logs-dir ~/letsencrypt/log
$ cat /etc/nginx/sites-available/example.com | grep ssl ssl_certificate ~/letsencrypt/etc/live/example.com/fullchain.pem; ssl_certificate_key ~/letsencrypt/etc/live/example.com/privkey.pem;
$ certbot renew --dry-run --config-dir ~/letsencrypt/etc --work-dir ~/letsencrypt/lib --logs-dir ~/letsencrypt/log
Ref:
https://letsencrypt.org/getting-started/ https://certbot.eff.org