Skip to main content
Troubleshooting

Ignore SSL Certificate Error with Wget

Getting an expired certificate error while downloading files with wget? Here's how to ignore it.

Sagar Sharma

So you installed wget and when you tried to download files in the Linux terminal, it got you an SSL certificate error like the following?

sagar@LHB:~$ wget https://expired.badssl.com
--2022-11-04 14:35:55--  https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
ERROR: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
  Issued certificate has expired.
To connect to expired.badssl.com insecurely, use `--no-check-certificate'.

The reason why you get this error is simple. By default, wget checks for a valid SSL certificate so that you can have a reliable connection and if not, it throws an error saying the Issued certificate has expired.

So let's have a look at how to ignore SSL certificate errors while using wget.

Ignore SSL certificate error with wget

While I won't advise you to connect over a website that has a broken SSL certificate, you may find this error on a trusted site and wish to continue, so here you go.

To ignore this error, you have to use --no-check-certificate option and it won't check for an SSL certificate:

wget --no-check-certificate https://expired.badssl.com
sagar@LHB:~$ wget --no-check-certificate https://expired.badssl.com
--2022-11-04 15:18:07--  https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
WARNING: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
  Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 494 [text/html]
Saving to: ‘index.html.1’

index.html.1        100%[===================>]     494  --.-KB/s    in 0s      

2022-11-04 15:18:08 (209 MB/s) - ‘index.html.1’ saved [494/494]

Skip the certification check

⚠️
I do not recommend this unless you have an isolated environment or want to test things regardless of security concerns.

To skip the certification check every time you visit the broken SSL site, you just have to append check-certificate = off in wget config file:

And now, you can download files using wget over broken SSL sites without adding --no-check-certificate option:

sagar@LHB:~$ wget https://expired.badssl.com
--2022-11-04 15:41:50--  https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
WARNING: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
  Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 494 [text/html]
Saving to: ‘index.html.2’

index.html.2        100%[===================>]     494  --.-KB/s    in 0s      

2022-11-04 15:41:51 (191 MB/s) - ‘index.html.2’ saved [494/494]

Wrapping Up

Curl or wget, you can face this issue in both commands. We have covered handling the SSL certificate error with curl as well.

Ignore SSL Certificate Error with cURL
Getting an expired certificate error while downloading files with curl? Here’s how to ignore it.
Linux HandbookSagar Sharma

Through this guide, I explained how you could ignore SSL certificate errors with wget. If you have any queries, let me know in the comments.