17 February 2015

If you work with SSL often enough, you know that certificates and keys need to be verified before you push a configuration change to a server. Thankfully, nginx runs configtest as part of its restart command, so a broken configuration is caught before the running server is shut down.

Below, I have included a really simple script that takes all the .crt files in a directory, matches them up with .key files, and validates the md5sum of the modulus.

On failure, it will spit out the cert/key combo that doesn't match like below:
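An added example of the check described above (not the author's script): it pairs each NAME.crt with NAME.key in a directory and compares the MD5 of the RSA modulus of each. The function names, the NAME.crt/NAME.key naming convention, the output wording, and the restriction to unencrypted PEM-encoded RSA keys are assumptions.

```shell
#!/bin/sh
# Added example (not the original script): pair every NAME.crt in a directory
# with NAME.key and compare the MD5 of their RSA moduli.
# Assumptions: PEM files, unencrypted RSA keys, NAME.crt/NAME.key naming.

# modulus_md5 x509|rsa FILE -> prints MD5 of the hex modulus, non-zero on error
modulus_md5() {
    m_out=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    m_out=${m_out#Modulus=}
    # Non-RSA input yields an error string instead of hex; reject it.
    case $m_out in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    printf '%s' "$m_out" | openssl md5 | awk '{print $NF}'
}

# check_dir DIR -> prints one line per problem; returns 0 only if all pairs match
check_dir() {
    cd_rc=0
    for cd_crt in "${1:-.}"/*.crt; do
        [ -e "$cd_crt" ] || continue          # glob matched nothing
        cd_key=${cd_crt%.crt}.key
        if [ ! -f "$cd_key" ]; then
            echo "MISSING KEY: $cd_crt"; cd_rc=1; continue
        fi
        cd_c=$(modulus_md5 x509 "$cd_crt") || { echo "UNREADABLE: $cd_crt"; cd_rc=1; continue; }
        cd_k=$(modulus_md5 rsa "$cd_key") || { echo "UNREADABLE: $cd_key"; cd_rc=1; continue; }
        if [ "$cd_c" != "$cd_k" ]; then
            echo "MISMATCH: $cd_crt ($cd_c) / $cd_key ($cd_k)"; cd_rc=1
        fi
    done
    return "$cd_rc"
}

# Run against a directory only when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_dir "$1"
    exit $?
fi
```

The non-zero exit status on any mismatch lets the check gate a deploy step. MD5 serves here only as a short fingerprint for comparing two moduli, not as a security control.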

Tagged under x509, ssl, tls, https, nginx, apache, certs, keys, md5, openssl, and others
Mike Mackintosh

This post was written by Mike Mackintosh, a decorated security professional.



