Ignore SSL Certificate Error with Wget
Getting an expired certificate error while downloading files with wget? Here's how to ignore it.
So you installed wget and when you tried to download files in the Linux terminal, it got you an SSL certificate error like the following?
sagar@LHB:~$ wget https://expired.badssl.com
--2022-11-04 14:35:55-- https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
ERROR: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
Issued certificate has expired.
To connect to expired.badssl.com insecurely, use `--no-check-certificate'.
The reason why you get this error is simple. By default, wget checks for a valid SSL certificate so that you can have a reliable connection and if not, it throws an error saying the Issued certificate has expired.
So let's have a look at how to ignore SSL certificate errors while using wget.
Ignore SSL certificate error with wget
While I won't advise you to connect over a website that has a broken SSL certificate, you may find this error on a trusted site and wish to continue, so here you go.
To ignore this error, you have to use --no-check-certificate
option and it won't check for an SSL certificate:
wget --no-check-certificate https://expired.badssl.com
sagar@LHB:~$ wget --no-check-certificate https://expired.badssl.com
--2022-11-04 15:18:07-- https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
WARNING: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 494 [text/html]
Saving to: ‘index.html.1’
index.html.1 100%[===================>] 494 --.-KB/s in 0s
2022-11-04 15:18:08 (209 MB/s) - ‘index.html.1’ saved [494/494]
Skip the certification check
To skip the certification check every time you visit the broken SSL site, you just have to append check-certificate = off
in wget config file:
And now, you can download files using wget over broken SSL sites without adding --no-check-certificate
option:
sagar@LHB:~$ wget https://expired.badssl.com
--2022-11-04 15:41:50-- https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
WARNING: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 494 [text/html]
Saving to: ‘index.html.2’
index.html.2 100%[===================>] 494 --.-KB/s in 0s
2022-11-04 15:41:51 (191 MB/s) - ‘index.html.2’ saved [494/494]
Wrapping Up
Curl or wget, you can face this issue in both commands. We have covered handling the SSL certificate error with curl as well.
Through this guide, I explained how you could ignore SSL certificate errors with wget. If you have any queries, let me know in the comments.
A software engineer who loves to tinker with hardware till it gets crashed. While reviving my crashed system, you can find me reading literature, manga, or watering my plants.