After recently updating my SSL cert I found I was getting a
sec_error_unknown_issuer error with FF Android.
As it turned out I'd missed a step in the configuration which is to include the intermediate certificate along with the main .crt file.
To do this you just
cat the intermediate Gandi cert onto the .crt you got from your SSL provider. In my case this was all that was required:
cat GandiStandardSSLCA.pem >> mycert.crt
If you see errors from nginx on restarting, check you've got some space separating the end of the first cert from the beginning of the next.
For a full run-through on setting up a Gandi cert for Nginx see https://nicolas.perriault.net/code/2012/gandi-standard-ssl-certificate-nginx/