Wget by default performs validity check of SSL certificates for SSL-based websites. This is obviously a security reason as the core of SSL itself relies on certificates to be valid and verified to be used and trusted. There are times though that you'll want Wget to ignore SSL certificate check such as when trying to access websites with expired SSL certificate or those with self-signed certificates.

This could easily be done with the --no-check-certificate option.

    Don't check the server certificate against the available certificate authorities.  Also don't require the URL host name to match the common name presented by the certificate.

    As of Wget 1.10, the default is to verify the server's certificate against the recognized certificate authorities, breaking the SSL handshake and aborting the download if the verification
    fails.  Although this provides more secure downloads, it does break interoperability with some sites that worked with previous Wget versions, particularly those using self-signed, expired, or
    otherwise invalid certificates.  This option forces an "insecure" mode of operation that turns the certificate verification errors into warnings and allows you to proceed.

    If you encounter "certificate verification" errors or ones saying that "common name doesn't match requested host name", you can use this option to bypass the verification and proceed with the
    download.  Only use this option if you are otherwise convinced of the site's authenticity, or if you really don't care about the validity of its certificate.  It is almost always a bad idea
    not to check the certificates when transmitting confidential or important data.

Without --no-check-certificate, you'll get the following error when accessing an improperly-configured certificate;

$ wget
--2018-06-07 12:19:25--
Connecting to connected.
    ERROR: certificate common name ‘*.example.com’ doesn't match requested host name ‘’.
To connect to insecurely, use `--no-check-certificate'.

With --no-check-certificate option used, Wget will only throw a warning but will still proceed with the request.

$ wget --no-check-certificate
--2018-06-07 12:27:19--
Connecting to connected.
    WARNING: certificate common name ‘*.example.com’ doesn't match requested host name ‘’.
HTTP request sent, awaiting response... 200 OK
Length: 90 [text/html]
Saving to: ‘index.html’

100%[=======================================================================================>] 90          --.-K/s   in 0s

2018-06-07 12:27:19 (5.03 MB/s) - ‘index.html’ saved [90/90]
Discuss the article:

Comment anonymously. Login not required.