How to Use `curl` to Ignore SSL Certificate Errors Safely

When working with APIs or testing websites in development, you might encounter SSL-related errors while using curl
. These errors happen when curl
can’t verify a website’s SSL certificate—often due to self-signed certificates, expired certificates, or staging environments. In these cases, knowing how to make curl
ignore SSL verification can be very useful.
Why SSL Verification Matters
SSL (Secure Sockets Layer) ensures the data you send and receive over HTTPS is encrypted and secure. Before establishing a secure connection, curl
checks whether the server’s certificate is valid and trusted.
If the certificate is:
- Self-signed (not issued by a trusted authority)
- Expired
- Incorrectly configured
Then curl
will block the request and show this common error:
curl: (60) SSL certificate problem: self signed certificate
This is by design—to protect you from insecure or fake websites.
How to Ignore SSL in curl
To bypass this verification step (only when you know it’s safe), use the -k
or --insecure
option:
curl -k https://example.com
or
curl --insecure https://example.com
This tells curl
to proceed even if the SSL certificate can’t be verified.
⚠️ Important: Only use
--insecure
in trusted environments like development or testing. Avoid it in production, as it disables one of the key protections of HTTPS.
Can I Always Ignore SSL by Default?
Yes, but it’s risky. If you want to make curl
always ignore SSL, add this to your ~/.curlrc
file:
insecure
Again, this is not recommended unless you have full control over the environment and understand the risks involved.
Ignore SSL in Code (with Curl Bindings)
If you’re using curl
through code, here’s how you can ignore SSL in different languages:
PHP (with cURL)
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://example.com");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // disables SSL verification
$response = curl_exec($ch);
curl_close($ch);
Python (using PycURL)
import pycurl
c = pycurl.Curl()
c.setopt(c.URL, 'https://example.com')
c.setopt(c.SSL_VERIFYPEER, 0) # ignore SSL verification
c.setopt(c.SSL_VERIFYHOST, 0)
c.perform()
c.close()
Again: only use this for testing purposes. Ignoring SSL verification in production environments can make your app vulnerable to man-in-the-middle (MITM) attacks.
When Should You Ignore SSL?
Here are a few legitimate use cases:
- Testing a new API server with a self-signed certificate
- Crawling or scraping a dev/staging site without a proper certificate
- Making internal calls in a local network where security is already managed
Conclusion
The curl -k
or --insecure
flag can be a handy tool—but it’s not something you should rely on in production. Always use it with caution, and only in trusted environments.
SSL certificates exist to protect users, and skipping verification weakens that layer of protection. If you’re frequently running into SSL errors during scraping or automation tasks, consider:
- Installing the correct root certificates
- Using a valid certificate, even in staging
- Or working with a proxy solution that handles SSL verification for you
Table of Contents
Take a Taste of Easy Scraping!
Get started now!
Step up your web scraping
Find more insights here

Capsolver: The AI‑Driven Captcha Solver You Need for Web Scraping
Discover how Capsolver helps solve CAPTCHAs like reCAPTCHA, hCaptcha, and Turnstile fast and reliably for web scraping and automation tasks.

How to Unblock Websites: Safe and Effective Methods in 2025
Learn safe, effective ways to unblock websites using VPNs, proxies, DNS changes, and more. A complete guide for bypassing online restrictions in 2025.

This Network is Blocking Encrypted DNS Traffic: What It Means and How to Fix It
Learn what it means when your network blocks encrypted DNS traffic and how to fix it using VPNs, secure DNS, or proxies from MrScraper.
@MrScraper_
@MrScraper