By default, wget validates SSL certificates to ensure secure and authentic connections. Sometimes this causes errors with self-signed, expired, or internal certificates. Disabling checks can help in testing or controlled environments but reduces security.
Ignoring certificate validation bypasses normal trust checks, allowing downloads from hosts with untrusted certificates. This is risky in production but may be acceptable in development, testing, or when the authenticity of the server is otherwise guaranteed.
$ wget https://www.simplified.guide --2021-03-29 11:09:07-- https://www.simplified.guide/ Resolving www.simplified.guide (www.simplified.guide)... 127.0.0.1 Connecting to www.simplified.guide (www.simplified.guide)|127.0.0.1|:443... connected. ERROR: cannot verify www.simplified.guide's certificate, issued by ‘CN=mkcert name@hostname (Your Name),OU=name@hostname (Your Name),O=mkcert development CA’: Unable to locally verify the issuer's authority. ERROR: certificate common name ‘*.simplified.guide’ doesn't match requested host name ‘www.simplified.guide’. To connect to www.simplified.guide insecurely, use `--no-check-certificate'.
Always weigh the security implications before ignoring SSL checks. Use this option sparingly and never for sensitive data transfers over insecure networks.
Steps to bypass SSL certificate validation in Wget:
- Run wget to download an HTTPS page and observe the certificate error.
$ wget https://www.example.com --2023-09-16 10:00:00-- https://www.example.com/ Resolving www.example.com (www.example.com)... 127.0.0.1 Connecting to www.example.com (www.example.com)|127.0.0.1|:443... connected. ERROR: cannot verify www.example.com’s certificate, issued by ‘CN=mkcert example.com development CA’: Unable to locally verify the issuer’s authority. To connect to www.example.com insecurely, use `--no-check-certificate`.
- Use the --no-check-certificate option to skip the SSL certificate validation.
$ wget --no-check-certificate https://www.example.com --2023-09-16 10:01:00-- https://www.example.com/ Resolving www.example.com (www.example.com)... 127.0.0.1 Connecting to www.example.com (www.example.com)|127.0.0.1|:443... connected. WARNING: cannot verify www.example.com's certificate. HTTP request sent, awaiting response... 200 OK Saving to: ‘index.html’ index.html [ <=> ] 32.4K --.-KB/s in 0s 2023-09-16 10:01:01 (120 MB/s) - ‘index.html’ saved [33214]
Use this option only in development or testing environments. It is not recommended for production use.
--no-check-certificate Don't check the server certificate against the available certificate authorities. Also don't require the URL host name to match the common name presented by the certificate. As of Wget 1.10, the default is to verify the server's certificate against the recognized certificate authorities, breaking the SSL handshake and aborting the download if the verification fails. Although this provides more secure downloads, it does break interoperability with some sites that worked with previous Wget versions, particularly those using self-signed, expired, or otherwise invalid certificates. This option forces an "insecure" mode of operation that turns the certificate verification errors into warnings and allows you to proceed. If you encounter "certificate verification" errors or ones saying that "common name doesn't match requested host name", you can use this option to bypass the verification and proceed with the download. Only use this option if you are otherwise convinced of the site's authenticity, or if you really don't care about the validity of its certificate. It is almost always a bad idea not to check the certificates when transmitting confidential or important data.
- Add the option to disable SSL certificate checks globally by editing the wget configuration file.
$ echo "check-certificate = off" >> ~/.wgetrc
This method should only be used if certificate verification is unnecessary. Avoid using it in environments that require secure communication.
- Test again by running the same command without the --no-check-certificate flag.
$ wget https://www.example.com --2023-09-16 10:02:00-- https://www.example.com/ Resolving www.example.com (www.example.com)... 127.0.0.1 Connecting to www.example.com (www.example.com)|127.0.0.1|:443... connected. WARNING: cannot verify www.example.com's certificate. HTTP request sent, awaiting response... 200 OK Saving to: ‘index.html.1’ index.html.1 [ <=> ] 32.4K --.-KB/s in 0s 2023-09-16 10:02:01 (110 MB/s) - ‘index.html.1’ saved [33214]

Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
Comment anonymously. Login not required.