Using the wget tool, it's common to download files or web pages from the internet. When dealing with HTTPS sites, wget will validate the SSL certificate of the site to ensure its legitimacy.

$ wget https://www.simplified.guide
--2021-03-29 11:09:07--  https://www.simplified.guide/
Resolving www.simplified.guide (www.simplified.guide)... 127.0.0.1
Connecting to www.simplified.guide (www.simplified.guide)|127.0.0.1|:443... connected.

ERROR: cannot verify www.simplified.guide's certificate, issued by ‘CN=mkcert name@hostname (Your Name),OU=name@hostname (Your Name),O=mkcert development CA’:
  Unable to locally verify the issuer's authority.

ERROR: certificate common name ‘*.simplified.guide’ doesn't match requested host name ‘www.simplified.guide’.

To connect to www.simplified.guide insecurely, use `--no-check-certificate'.

Such certificate verification errors might occur due to a variety of reasons such as self-signed certificates, expired certificates, or domain name mismatches. Although it's essential to validate SSL certificates to prevent man-in-the-middle attacks and maintain the confidentiality and integrity of the data, there might be occasions in controlled environments (like testing or development setups) where bypassing this check is necessary.

wget provides the option to ignore SSL certificate errors. While this can be handy for testing or troubleshooting in certain scenarios, it's advised not to use it in production or secure environments.

Steps to bypass SSL certificate checks in Wget:

  1. Test downloading https page using wget.
    $ wget https://www.simplified.guide
    --2021-03-29 11:31:11--  https://www.simplified.guide/
    Resolving www.simplified.guide (www.simplified.guide)... 127.0.0.1
    Connecting to www.simplified.guide (www.simplified.guide)|127.0.0.1|:443... connected.
    ERROR: cannot verify www.simplified.guide's certificate, issued by ‘CN=mkcert name@hostname (Your Name),OU=name@hostname (Your Name),O=mkcert development CA’:
      Unable to locally verify the issuer's authority.
    To connect to www.simplified.guide insecurely, use `--no-check-certificate'.
  2. Use --no-check-certificate option to ignore certificate error for SSL.
    $ wget --no-check-certificate https://www.simplified.guide
    --2021-03-29 11:32:21--  https://www.simplified.guide/
    Resolving www.simplified.guide (www.simplified.guide)... 127.0.0.1
    Connecting to www.simplified.guide (www.simplified.guide)|127.0.0.1|:443... connected.
    WARNING: cannot verify www.simplified.guide's certificate, issued by ‘CN=mkcert name@hostname (Your Name),OU=name@hostname (Your Name),O=mkcert development CA’:
      Unable to locally verify the issuer's authority.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: ‘index.html’
    
    index.html                [ <=>                     ]  31.01K  --.-KB/s    in 0s
    
    2021-03-29 11:32:21 (100 MB/s) - ‘index.html’ saved [31755]

    The same message is still displayed but as WARNING instead of ERROR and the command was a success.

    --no-check-certificate
        Don't check the server certificate against the available certificate authorities.  Also don't require the URL host name to match the common name presented by the certificate.
    
        As of Wget 1.10, the default is to verify the server's certificate against the recognized certificate authorities, breaking the SSL handshake and aborting the download if the verification
        fails.  Although this provides more secure downloads, it does break interoperability with some sites that worked with previous Wget versions, particularly those using self-signed, expired, or
        otherwise invalid certificates.  This option forces an "insecure" mode of operation that turns the certificate verification errors into warnings and allows you to proceed.
    
        If you encounter "certificate verification" errors or ones saying that "common name doesn't match requested host name", you can use this option to bypass the verification and proceed with the
        download.  Only use this option if you are otherwise convinced of the site's authenticity, or if you really don't care about the validity of its certificate.  It is almost always a bad idea
        not to check the certificates when transmitting confidential or important data.
  3. Add option to skip certificate check into config file.
    $ echo "check-certificate = off" >> ~/.wgetrc

    Only use this method in development setting or wherever security is not critical.

  4. Test against https page with error again without using --no-check-certificate.
    $ wget https://www.simplified.guide
    --2021-03-29 11:42:29--  https://www.simplified.guide/
    Resolving www.simplified.guide (www.simplified.guide)... 127.0.0.1
    Connecting to www.simplified.guide (www.simplified.guide)|127.0.0.1|:443... connected.
    WARNING: cannot verify www.simplified.guide's certificate, issued by ‘CN=mkcert name@hostname (Your Name),OU=name@hostname (Your Name),O=mkcert development CA’:
      Unable to locally verify the issuer's authority.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/html]
    Saving to: ‘index.html.1’
    
    index.html              [ <=>                     ]  31.01K  --.-KB/s    in 0s
    
    2021-03-29 11:42:29 (115 MB/s) - ‘index.html’ saved [31755]
Discuss the article:

Comment anonymously. Login not required.