wget is a popular command for downloading files from the internet with protocols such as HTTP, HTTPS, and FTP. With the terminal emulator you use, you can download without logging in to the internet address. If the website you want to download has an insecure and problematic ssl certificate, you will encounter the following errors:
ERROR: Certificate '--' is not trusted.
ERROR: Certificate '--' has no known issuer.
The certificate has expired
You cannot download and it will show you that the address you want to download from has a security problem. We will tell you how to proceed with the download with the following steps.
Ignore SSL Certificate in Wget
When you open a website with a browser, if you encounter the following screen, it indicates that this site has a problem with the SSL certificate:
You can access the site with Advanced → Accept the Risk and Continue.
Now let's try to download files from this website with wget in terminal:
foc@fedora:~$ wget https://expired.badssl.com
--2023-02-09 19:44:12-- https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
ERROR: The certificate of ‘expired.badssl.com’ is not trusted.
ERROR: The certificate of ‘expired.badssl.com’ has expired.
The certificate has expired
As you can see the download failed. The "--no-check-certificate
" parameter is used to solve this problem:
foc@fedora:~$ wget --no-check-certificate https://expired.badssl.com --2023-02-09 21:17:30-- https://expired.badssl.com/ Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105 Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected. WARNING: The certificate of ‘expired.badssl.com’ is not trusted. WARNING: The certificate of ‘expired.badssl.com’ has expired. The certificate has expired HTTP request sent, awaiting response... 200 OK Length: 494 [text/html] Saving to: ‘index.html.9’ index.html.9 100%[=============>] 494 --.-KB/s in 0s 2023-02-09 21:17:30 (7.92 MB/s) - ‘index.html.9’ saved [494/494]
The download was successful without verifying the server's certificate. If you have used wget in your bash scripts before, it looks like you need to give this parameter to all of these commands.
The solution below will help you a lot. Create a ".wgetrc
" file and type the following lines:
foc@fedora:~$ nano /usr/local/etc/wgetrc
check_certificate = off
Or you can do it in one line with echo:
echo "check_certificate = off" >> ~/.wgetrc
Try downloading with wget after this command:
foc@fedora:~$ wget https://expired.badssl.com
--2023-02-09 21:31:17-- https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
WARNING: The certificate of ‘expired.badssl.com’ is not trusted.
WARNING: The certificate of ‘expired.badssl.com’ has expired.
The certificate has expired
HTTP request sent, awaiting response... 200 OK
Length: 494 [text/html]
Saving to: ‘index.html.11’
index.html.11 100%[=============>] 494 --.-KB/s in 0s
2023-02-09 21:31:19 (12.2 MB/s) - ‘index.html.11’ saved [494/494]
You can see that the download was successful without parameters.
What's NEXT?
15+ wget command examples in Linux [Cheat Sheet]
Tips to download file From Linux [Practical Examples]
Summary
You can get help about wget online here. For local help you can also open the -h/--help or manual page in terminal:
foc@fedora:~$ man wget
or
foc@fedora:~$ wget --help ... HTTPS (SSL/TLS) options: --secure-protocol=PR choose secure protocol, one of auto, SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2, TLSv1_3 and PFS --https-only only follow secure HTTPS links --no-check-certificate don't validate the server's certificate --certificate=FILE client certificate file --certificate-type=TYPE client certificate type, PEM or DER --private-key=FILE private key file --private-key-type=TYPE private key type, PEM or DER --ca-certificate=FILE file with the bundle of CAs --ca-directory=DIR directory where hash list of CAs is stored ...
References
stackoverflow.com - Ignore SSL Certificate Error with Wget
www.gnu.org - GNU Wget 1.21.1-dirty Manual