Nginx SSL证书检查工具

#!/bin/bash

echo "🔎 检查 Nginx SSL 配置..."
echo "------------------------"

cert="/etc/pki/nginx/seapigx.icu.pem"
key="/etc/pki/nginx/private/seapigx.icu.key"

echo "📜 证书路径: $cert"
echo "🔑 私钥路径: $key"
echo "------------------------"

# 检查文件是否存在
if [[ ! -f "$cert" || ! -f "$key" ]]; then
    echo "❌ 错误：证书或私钥文件不存在！"
    exit 1
fi

# 检查文件可读性
if [[ ! -r "$cert" || ! -r "$key" ]]; then
    echo "❌ 错误：证书或私钥不可读（检查权限）！"
    echo "当前权限："
    ls -l "$cert" "$key"
    exit 1
fi

# 检查证书有效期
echo "⏳ 证书有效期："
sudo openssl x509 -enddate -noout -in "$cert"

# 检查证书和私钥是否匹配
echo "🔐 检查证书和私钥是否匹配..."
cert_md5=$(sudo openssl x509 -noout -modulus -in "$cert" | openssl md5)
key_md5=$(sudo openssl rsa -noout -modulus -in "$key" 2>/dev/null | openssl md5)
if [[ "$cert_md5" == "$key_md5" ]]; then
    echo "✅ 证书和私钥匹配"
else
    echo "❌ 证书和私钥不匹配！"
fi

echo "------------------------"
echo "✅ 检查完成"