How to Use `curl` to Ignore SSL Certificate Errors Safely

When working with APIs or testing websites in development, you might encounter SSL-related errors while using curl
. These errors happen when curl
can’t verify a website’s SSL certificate—often due to self-signed certificates, expired certificates, or staging environments. In these cases, knowing how to make curl
ignore SSL verification can be very useful.
Why SSL Verification Matters
SSL (Secure Sockets Layer) ensures the data you send and receive over HTTPS is encrypted and secure. Before establishing a secure connection, curl
checks whether the server’s certificate is valid and trusted.
If the certificate is:
- Self-signed (not issued by a trusted authority)
- Expired
- Incorrectly configured
Then curl
will block the request and show this common error:
curl: (60) SSL certificate problem: self signed certificate
This is by design—to protect you from insecure or fake websites.
How to Ignore SSL in curl
To bypass this verification step (only when you know it’s safe), use the -k
or --insecure
option:
curl -k https://example.com
or
curl --insecure https://example.com
This tells curl
to proceed even if the SSL certificate can’t be verified.
⚠️ Important: Only use
--insecure
in trusted environments like development or testing. Avoid it in production, as it disables one of the key protections of HTTPS.
Can I Always Ignore SSL by Default?
Yes, but it’s risky. If you want to make curl
always ignore SSL, add this to your ~/.curlrc
file:
insecure
Again, this is not recommended unless you have full control over the environment and understand the risks involved.
Ignore SSL in Code (with Curl Bindings)
If you’re using curl
through code, here’s how you can ignore SSL in different languages:
PHP (with cURL)
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://example.com");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // disables SSL verification
$response = curl_exec($ch);
curl_close($ch);
Python (using PycURL)
import pycurl
c = pycurl.Curl()
c.setopt(c.URL, 'https://example.com')
c.setopt(c.SSL_VERIFYPEER, 0) # ignore SSL verification
c.setopt(c.SSL_VERIFYHOST, 0)
c.perform()
c.close()
Again: only use this for testing purposes. Ignoring SSL verification in production environments can make your app vulnerable to man-in-the-middle (MITM) attacks.
When Should You Ignore SSL?
Here are a few legitimate use cases:
- Testing a new API server with a self-signed certificate
- Crawling or scraping a dev/staging site without a proper certificate
- Making internal calls in a local network where security is already managed
Conclusion
The curl -k
or --insecure
flag can be a handy tool—but it’s not something you should rely on in production. Always use it with caution, and only in trusted environments.
SSL certificates exist to protect users, and skipping verification weakens that layer of protection. If you’re frequently running into SSL errors during scraping or automation tasks, consider:
- Installing the correct root certificates
- Using a valid certificate, even in staging
- Or working with a proxy solution that handles SSL verification for you
Table of Contents
Take a Taste of Easy Scraping!
Get started now!
Step up your web scraping
Find more insights here

Social Media Proxies: Boost Privacy and Bypass Geo-Restrictions
Social media proxies are a cornerstone of modern online operations—be it account management, scraping, or ad campaigns.

Best Facebook Proxies for Ads, Scraping, and Privacy in 2025
Facebook proxy routes your device’s Facebook traffic through an intermediary server. Instead of connecting directly, you use the proxy server to access Facebook, masking your real IP and location.

Proxy Helper: Your Chrome Extension for Browser-Level Proxy Control
Proxy Helper is a Chrome extension that allows users to configure and switch proxies directly within the browser, without touching system-wide settings.
@MrScraper_
@MrScraper