What do you mean? The SSL cert should be valid until early 2015.

>Expires On 3/12/15

Honestly, as long as you took the proper steps when making it (Generating your *own* key, using a CA signing request, keeping it secure on only devices that require it, correct permissions, if you've ever had your webserver compromised, change it, etc...) then I'd just leave it. It's up to people to decide if/when they want to update their CA list (Either manually, or, placing the trust in someone else (Google, Mozilla, Microsoft, etc...)).

Your cert works fine for me using Chromium's built-in cert list, it doesn't work with curl however (Throws an insecure error), nor, however, does it work with Firefox, but, that's not because it's not trusted, but, because you've configured your SSL server incorrectly (Not issuing issuer chain). I'm assuming that NGINX does all the front-end SSL communication, based off, well:-


$ curl https://ssl.dispenser.tf --insecure -I
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu) << This right here.
Date: Thu, 26 Jun 2014 12:51:19 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Cookie
Set-Cookie: csrftoken=AvWFEDisrbJDv7qod5xTXWbGhBHuWwrv; expires=Thu, 25-Jun-2015 12:51:19 GMT; Max-Age=31449600; Path=/

If you're using some other SSL proxy, tell me and I'll locate a source, but, basically, head to your issuer and download their cert chain (I believe it's the following):-
http://www.startssl.com/certs/ca.pem
http://www.startssl.com/certs/sub.class1.server.ca.pem

From there, although I've never used NGINX before with SSL, it should be as simple as following this:-
https://www.startssl.com/?app=42

Which is basically:-
>cat $yourCert sub.class1.server.ca.pem ca.pem > /etc/nginx/conf/ssl-unified.crt

And utilizing that cert as the cert in your config, instead of your cert.

Like I said, never done this before using NGINX, but, I have with many other SSL things and FireFox is always a pain.