How to ignore certificate check in wget? [SOLVED]


Tips and Tricks, Linux

Author: Omer Cakmak
Reviewer: Deepak Prasad

wget is a popular command for downloading files from the internet with protocols such as HTTP, HTTPS, and FTP. With the terminal emulator you use, you can download without logging in to the internet address. If the website you want to download has an insecure and problematic ssl certificate, you will encounter the following errors:

ERROR: Certificate '--' is not trusted.
ERROR: Certificate '--' has no known issuer.
The certificate has expired

You cannot download and it will show you that the address you want to download from has a security problem. We will tell you how to proceed with the download with the following steps.

 

Ignore SSL Certificate in Wget

When you open a website with a browser, if you encounter the following screen, it indicates that this site has a problem with the SSL certificate:

Ignore SSL Certificate


You can access the site with AdvancedAccept the Risk and Continue.

How to ignore certificate check in wget? [SOLVED]

Now let's try to download files from this website with wget in terminal:

foc@fedora:~$ wget https://expired.badssl.com
--2023-02-09 19:44:12--  https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
ERROR: The certificate of ‘expired.badssl.com’ is not trusted.
ERROR: The certificate of ‘expired.badssl.com’ has expired.
The certificate has expired

As you can see the download failed. The "--no-check-certificate" parameter is used to solve this problem:

foc@fedora:~$ wget --no-check-certificate https://expired.badssl.com
--2023-02-09 21:17:30--  https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
WARNING: The certificate of ‘expired.badssl.com’ is not trusted.
WARNING: The certificate of ‘expired.badssl.com’ has expired.
The certificate has expired
HTTP request sent, awaiting response... 200 OK
Length: 494 [text/html]
Saving to: ‘index.html.9’
index.html.9 100%[=============>] 494 --.-KB/s in 0s
2023-02-09 21:17:30 (7.92 MB/s) - ‘index.html.9’ saved [494/494]

The download was successful without verifying the server's certificate. If you have used wget in your bash scripts before, it looks like you need to give this parameter to all of these commands.

The solution below will help you a lot. Create a ".wgetrc" file and type the following lines:

foc@fedora:~$ nano /usr/local/etc/wgetrc
check_certificate = off

Or you can do it in one line with echo:

echo "check_certificate = off" >> ~/.wgetrc

Try downloading with wget after this command:

foc@fedora:~$ wget https://expired.badssl.com
--2023-02-09 21:31:17--  https://expired.badssl.com/
Resolving expired.badssl.com (expired.badssl.com)... 104.154.89.105
Connecting to expired.badssl.com (expired.badssl.com)|104.154.89.105|:443... connected.
WARNING: The certificate of ‘expired.badssl.com’ is not trusted.
WARNING: The certificate of ‘expired.badssl.com’ has expired.
The certificate has expired
HTTP request sent, awaiting response... 200 OK
Length: 494 [text/html]
Saving to: ‘index.html.11’
index.html.11 100%[=============>] 494 --.-KB/s in 0s
2023-02-09 21:31:19 (12.2 MB/s) - ‘index.html.11’ saved [494/494]

You can see that the download was successful without parameters.

 

What's NEXT?

15+ wget command examples in Linux [Cheat Sheet]
Tips to download file From Linux [Practical Examples]

 

Summary

You can get help about wget online here. For local help you can also open the -h/--help or manual page in terminal:

foc@fedora:~$ man wget

or

foc@fedora:~$ wget --help
...
HTTPS (SSL/TLS) options:
       --secure-protocol=PR        choose secure protocol, one of auto, SSLv2,
                                     SSLv3, TLSv1, TLSv1_1, TLSv1_2, TLSv1_3 and PFS
       --https-only                only follow secure HTTPS links
       --no-check-certificate      don't validate the server's certificate
       --certificate=FILE          client certificate file
       --certificate-type=TYPE     client certificate type, PEM or DER
       --private-key=FILE          private key file
       --private-key-type=TYPE     private key type, PEM or DER
       --ca-certificate=FILE       file with the bundle of CAs
       --ca-directory=DIR          directory where hash list of CAs is stored
...

 

References

stackoverflow.com - Ignore SSL Certificate Error with Wget
www.gnu.org - GNU Wget 1.21.1-dirty Manual

 

Omer Cakmak

Omer Cakmak

He is highly skilled at managing Debian, Ubuntu, CentOS, Oracle Linux, and Red Hat servers. Proficient in bash scripting, Ansible, and AWX central server management, he handles server operations on OpenStack, KVM, Proxmox, and VMware. You can connect with him on his LinkedIn profile.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

Leave a Comment