Wget by default performs validity check of SSL certificates for https websites to ensure the certificate is valid. There are times though that you'll want Wget to ignore SSL certificate check when accessing websites with expired SSL certificate or those with self-signed certificates such as for development purpose or if you really trust the websites.

$ wget https://www.simplified.guide
--2021-03-29 11:09:07--  https://www.simplified.guide/
Resolving www.simplified.guide (www.simplified.guide)... 127.0.0.1
Connecting to www.simplified.guide (www.simplified.guide)|127.0.0.1|:443... connected.

ERROR: cannot verify www.simplified.guide's certificate, issued by ‘CN=mkcert [email protected] (Your Name),[email protected] (Your Name),O=mkcert development CA’:
  Unable to locally verify the issuer's authority.

ERROR: certificate common name ‘*.simplified.guide’ doesn't match requested host name ‘www.simplified.guide’.

To connect to www.simplified.guide insecurely, use `--no-check-certificate'.

You can turn off check-certificate option in Wget to skip certificate check thus ignoring SSL errors. This is equivalent to using insecure option for cURL.

Steps to skip certificate check in wget:

  1. Test downloading https page using wget.
    $ wget https://www.simplified.guide
    --2021-03-29 11:31:11--  https://www.simplified.guide/
    Resolving www.simplified.guide (www.simplified.guide)... 127.0.0.1
    Connecting to www.simplified.guide (www.simplified.guide)|127.0.0.1|:443... connected.
    ERROR: cannot verify www.simplified.guide's certificate, issued by ‘CN=mkcert [email protected] (Your Name),[email protected] (Your Name),O=mkcert development CA’:
      Unable to locally verify the issuer's authority.
    To connect to www.simplified.guide insecurely, use `--no-check-certificate'.
  2. Use --no-check-certificate option to ignore certificate error for SSL.
    $ wget --no-check-certificate https://www.simplified.guide
    --2021-03-29 11:32:21--  https://www.simplified.guide/
    Resolving www.simplified.guide (www.simplified.guide)... 127.0.0.1
    Connecting to www.simplified.guide (www.simplified.guide)|127.0.0.1|:443... connected.
    WARNING: cannot verify www.simplified.guide's certificate, issued by ‘CN=mkcert [email protected] (Your Name),[email protected] (Your Name),O=mkcert development CA’:
      Unable to locally verify the issuer's authority.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: ‘index.html’
    
    index.html                [ <=>                     ]  31.01K  --.-KB/s    in 0s
    
    2021-03-29 11:32:21 (100 MB/s) - ‘index.html’ saved [31755]

    The same message is still displayed but as WARNING instead of ERROR and the command was a success.

    --no-check-certificate
        Don't check the server certificate against the available certificate authorities.  Also don't require the URL host name to match the common name presented by the certificate.
    
        As of Wget 1.10, the default is to verify the server's certificate against the recognized certificate authorities, breaking the SSL handshake and aborting the download if the verification
        fails.  Although this provides more secure downloads, it does break interoperability with some sites that worked with previous Wget versions, particularly those using self-signed, expired, or
        otherwise invalid certificates.  This option forces an "insecure" mode of operation that turns the certificate verification errors into warnings and allows you to proceed.
    
        If you encounter "certificate verification" errors or ones saying that "common name doesn't match requested host name", you can use this option to bypass the verification and proceed with the
        download.  Only use this option if you are otherwise convinced of the site's authenticity, or if you really don't care about the validity of its certificate.  It is almost always a bad idea
        not to check the certificates when transmitting confidential or important data.
  3. Add option to skip certificate check into config file.
    $ echo "check-certificate = off" >> ~/.wgetrc

    Only use this method in development setting or wherever security is not critical.

  4. Test against https page with error again without using --no-check-certificate.
    $ wget https://www.simplified.guide
    --2021-03-29 11:42:29--  https://www.simplified.guide/
    Resolving www.simplified.guide (www.simplified.guide)... 127.0.0.1
    Connecting to www.simplified.guide (www.simplified.guide)|127.0.0.1|:443... connected.
    WARNING: cannot verify www.simplified.guide's certificate, issued by ‘CN=mkcert [email protected] (Your Name),[email protected] (Your Name),O=mkcert development CA’:
      Unable to locally verify the issuer's authority.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: ‘index.html.1’
    
    index.html              [ <=>                     ]  31.01K  --.-KB/s    in 0s
    
    2021-03-29 11:42:29 (115 MB/s) - ‘index.html’ saved [31755]
Discuss the article:

Comment anonymously. Login not required.

Share!