How to Use Wget with Self-Signed Certificates on Ubuntu

This guide explains how to resolve SSL certificate errors when using the wget command on Ubuntu. You will learn how to download files from servers that use self-signed certificates by modifying wget flags to bypass verification checks.

When you attempt to download a file from a secure server, wget verifies the SSL certificate against a list of trusted Certificate Authorities. If the server uses a self-signed certificate, this verification fails, and wget refuses to download the file to protect you from potential security risks. To override this behavior, you must explicitly tell wget to ignore the certificate validation.

Use the --no-check-certificate option followed by the target URL. The command syntax is as follows:

wget --no-check-certificate https://example.com/file.zip

This flag disables the verification of the server’s SSL certificate entirely. It allows the connection to proceed and the file to download even if the certificate is self-signed, expired, or mismatched.

Security Warning Only use this method if you absolutely trust the server you are connecting to. Disabling certificate verification makes you vulnerable to man-in-the-middle attacks, where an attacker could intercept or modify the data during transfer. For sensitive operations, it is safer to import the specific self-signed certificate into your Ubuntu CA trust store rather than bypassing the check globally.

If you need to download multiple files from the same trusted source, you can configure wget to skip checks by default. Edit or create the .wgetrc file in your home directory and add the following line:

check_certificate = off

Remember to re-enable certificate checks after completing your tasks to maintain standard security protocols on your system.