So you installed wget and when you tried to download files in the Linux terminal, it got you an SSL certificate error like the following?
[email protected]:~$ wget https://expired.badssl.com
--2022-11-04 14:35:55-- https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
ERROR: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
Issued certificate has expired.
To connect to expired.badssl.com insecurely, use `--no-check-certificate'.
The reason why you get this error is simple. By default, wget checks for a valid SSL certificate so that you can have a reliable connection and if not, it throws an error saying the Issued certificate has expired.
So let's have a look at how to ignore SSL certificate errors while using wget.
Ignore SSL certificate error with wget
While I won't advise you to connect over a website that has a broken SSL certificate, you may find this error on a trusted site and wish to continue, so here you go.
To ignore this error, you have to use --no-check-certificate
option and it won't check for an SSL certificate:
wget --no-check-certificate https://expired.badssl.com
[email protected]:~$ wget --no-check-certificate https://expired.badssl.com
--2022-11-04 15:18:07-- https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
WARNING: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 494 [text/html]
Saving to: ‘index.html.1’
index.html.1 100%[===================>] 494 --.-KB/s in 0s
2022-11-04 15:18:08 (209 MB/s) - ‘index.html.1’ saved [494/494]
Skip the certification check
To skip the certification check every time you visit the broken SSL site, you just have to append check-certificate = off
in wget config file:
And now, you can download files using wget over broken SSL sites without adding --no-check-certificate
option:
[email protected]:~$ wget https://expired.badssl.com
--2022-11-04 15:41:50-- https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
WARNING: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 494 [text/html]
Saving to: ‘index.html.2’
index.html.2 100%[===================>] 494 --.-KB/s in 0s
2022-11-04 15:41:51 (191 MB/s) - ‘index.html.2’ saved [494/494]
Wrapping Up
Curl or wget, you can face this issue in both commands.
Through this guide, I explained how you could ignore SSL certificate errors with wget. If you have any queries, let me know in the comments.
Join the conversation