Nov 28, 2022 2 min read

Ignore SSL Certificate Error with Wget

Table of Contents

So you installed wget and when you tried to download files in the Linux terminal, it got you an SSL certificate error like the following?

[email protected]:~$ wget https://expired.badssl.com
--2022-11-04 14:35:55--  https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
ERROR: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
  Issued certificate has expired.
To connect to expired.badssl.com insecurely, use `--no-check-certificate'.

The reason why you get this error is simple. By default, wget checks for a valid SSL certificate so that you can have a reliable connection and if not, it throws an error saying the Issued certificate has expired.

So let's have a look at how to ignore SSL certificate errors while using wget.

Ignore SSL certificate error with wget

While I won't advise you to connect over a website that has a broken SSL certificate, you may find this error on a trusted site and wish to continue, so here you go.

To ignore this error, you have to use --no-check-certificate option and it won't check for an SSL certificate:

wget --no-check-certificate https://expired.badssl.com
[email protected]:~$ wget --no-check-certificate https://expired.badssl.com
--2022-11-04 15:18:07--  https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
WARNING: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
  Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 494 [text/html]
Saving to: ‘index.html.1’

index.html.1        100%[===================>]     494  --.-KB/s    in 0s      

2022-11-04 15:18:08 (209 MB/s) - ‘index.html.1’ saved [494/494]

Skip the certification check

⚠️
I do not recommend this unless you have an isolated environment or want to test things regardless of security concerns.

To skip the certification check every time you visit the broken SSL site, you just have to append check-certificate = off in wget config file:

And now, you can download files using wget over broken SSL sites without adding --no-check-certificate option:

[email protected]:~$ wget https://expired.badssl.com
--2022-11-04 15:41:50--  https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
WARNING: cannot verify expired.badssl.com's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
  Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 494 [text/html]
Saving to: ‘index.html.2’

index.html.2        100%[===================>]     494  --.-KB/s    in 0s      

2022-11-04 15:41:51 (191 MB/s) - ‘index.html.2’ saved [494/494]

Wrapping Up

Curl or wget, you can face this issue in both commands.

Through this guide, I explained how you could ignore SSL certificate errors with wget. If you have any queries, let me know in the comments.

Sagar Sharma
A software engineer who loves to tinker with hardware till it gets crashed. While reviving my crashed system, you can find me reading literature, manga, or watering my plants.

Join the conversation

Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Linux Handbook.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.