I’m a big fan of Namecheap. They offer cheap SSL certificates that does the trick just fine. For most my projects, I go for their cheapest option (usually ‘PossitiveSSL’).
Every time I deploy one of these certificates however, I screw up the order of the chain certificates. The tl;dr is that certificate should go first, and then the supporting chain certificates.
After extracting the zip-file you get from Namecheap, simply run this command to create your certificate:
$ cat STAR_*.crt AddTrust*.crt COMODORS*.crt > foobar.com.crt