Black Friday Deals for Linux Users are Now Live!
Learn more
Nov 6, 2022 3 min read

Ignore SSL Certificate Error with cURL

Table of Contents

So you were trying to get an HTML response from a website using cURL and you got an SSL certificate error:

[email protected]:~$ curl https://expired.badssl.com
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

It is because the cURL by default will ensure connections using an SSL certificate and will throw an error if the website you specified is having misconfigured or expired certificate.

And this is going to be a quick tutorial on how you can ignore an SSL certificate error using cURL.

How to ignore an SSL certificate error with cURL

While ignoring the error and still wishing for connecting to the faulty site is not recommended but if you trust the website, here you have it!

You can use the --insecure option while using curl and it will ignore the broken SSL certificate:

curl --insecure https://expired.badssl.com
[email protected]:~$ curl --insecure https://expired.badssl.com
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="shortcut icon" href="/icons/favicon-red.ico"/>
  <link rel="apple-touch-icon" href="/icons/icon-red.png"/>
  <title>expired.badssl.com</title>
  <link rel="stylesheet" href="/style.css">
  <style>body { background: red; }</style>
</head>
<body>
<div id="content">
  <h1 style="font-size: 12vw;">
    expired.<br>badssl.com
  </h1>
</div>

</body>
</html>

Similarly, you can also use -k option to have the same effect being the short form of --insecure option:

curl -k https://expired.badssl.com
[email protected]:~$ curl -k https://expired.badssl.com
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="shortcut icon" href="/icons/favicon-red.ico"/>
  <link rel="apple-touch-icon" href="/icons/icon-red.png"/>
  <title>expired.badssl.com</title>
  <link rel="stylesheet" href="/style.css">
  <style>body { background: red; }</style>
</head>
<body>
<div id="content">
  <h1 style="font-size: 12vw;">
    expired.<br>badssl.com
  </h1>
</div>

</body>
</html>

Apply the --insecure option to every SSL connection  

⚠️
This is not suggested unless you are performing this under isolation or a testing environment.

You can append insecure to the curl-config file using the given command:

echo "insecure" >> ~/.curlrc

And now, you can get HTML response with curl without using the --insecure option:

[email protected]:~$ curl https://expired.badssl.com
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="shortcut icon" href="/icons/favicon-red.ico"/>
  <link rel="apple-touch-icon" href="/icons/icon-red.png"/>
  <title>expired.badssl.com</title>
  <link rel="stylesheet" href="/style.css">
  <style>body { background: red; }</style>
</head>
<body>
<div id="content">
  <h1 style="font-size: 12vw;">
    expired.<br>badssl.com
  </h1>
</div>

</body>
</html>

Wrapping Up

This was my take on how you can ignore an SSL certificate while using curl. I hope this solves the issue.

And if not, make sure to leave a comment and I will try my best to come up with a solution.

Linux Foundation Training
Sagar Sharma
A software engineer who loves to tinker with hardware till it gets crashed. While reviving my crashed system, you can find me reading literature, manga, or watering my plants.
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Linux Handbook.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.