diff --git a/src/usr/doc/ChangeLog.txt b/src/usr/doc/ChangeLog.txt
index 2ab5d57..a7d7580 100644
--- a/src/usr/doc/ChangeLog.txt
+++ b/src/usr/doc/ChangeLog.txt
@@ -42,6 +42,9 @@ enhancements:
     specify app-specific options on the command line. These take the form of,
     e.g., '-i app1:opt1="foo bar":opt2=baz app2:opt=mu'. If that's cryptic,
     see the manual for details.
+  * Users now have the option of interactively retrying a failed https
+    download, invoking wget with '--no-check-certificate', as this can be
+    caused by 'self-signed certificates' and the like.
 +--------------------------+
 Thu May 27 18:13:59 UTC 2010
 Sbopkg 0.33.1 released.  This version contains the following fixes and
diff --git a/src/usr/sbin/sbopkg b/src/usr/sbin/sbopkg
index 5bb685e..d5789ac 100755
--- a/src/usr/sbin/sbopkg
+++ b/src/usr/sbin/sbopkg
@@ -2875,6 +2875,33 @@ EOF
     fi
 }
 
+check_cert_prompt() {
+    # this asks the user if they want to retry a download that may have failed
+    # due to an SSL error.
+
+    local REPLY
+
+    echo
+    crunch_fmt "$SCRIPT: Some https download errors can be worked around \
+        by temporarily adding '--no-check-certificate' to WGETFLAGS. If \
+        unsure, see the wget manual on the use of this flag."
+    echo
+    while :; do
+        printf "Would you like to have sbopkg attempt this? [Y/n]: "
+        error_read
+        case $REPLY in
+            Y|y|'')
+                echo "Re-trying with '--no-check-certificate'."
+                echo
+                TWGETFLAGS+=" --no-check-certificate"
+                return
+                ;;
+            N|n) return 1 ;;
+            *) unknown_response ;;
+        esac
+    done
+}
+
 get_source() {
     # Check to see if the source tarball exists in the local cache directory.
     # If it does, make a symlink to the package directory in the local mirror.
@@ -2893,7 +2920,7 @@ get_source() {
     local DLDIR=$SBOPKGTMP/sbopkg-download
     local PIDLIST=$SBOPKGTMP/sbopkgpidlist
     local TMPSUMMARYLOG=$SBOPKGTMP/sbopkg-tmp-summarylog
-    local SRCNAME DL_SRCNAME DL FAILURE MD5CHK i CWD
+    local SRCNAME DL_SRCNAME DL FAILURE MD5CHK i CWD TWGETFLAGS
     # Don't pollute the environment with the .info content...
     local PRGNAM VERSION HOMEPAGE DOWNLOAD MD5SUM MAINTAINER EMAIL APPROVED
 
@@ -2903,6 +2930,7 @@ get_source() {
     echo | tee -a $TMPSUMMARYLOG
     echo "$PKG:" | tee -a $TMPSUMMARYLOG
     for i in ${!MD5SUM[@]}; do
+        TWGETFLAGS=$WGETFLAGS
         while :; do
             cd "$CWD"
             SRCNAME=$(get_source_names --placeholder $INFO)
@@ -2938,7 +2966,7 @@ get_source() {
             cd $DLDIR
 
             if [[ -z $NO_DL_LOOP ]]; then
-                wget $WGETFLAGS ${DOWNLOAD[$i]} >> \
+                wget $TWGETFLAGS ${DOWNLOAD[$i]} >> \
                     $SBOPKGOUTPUT & echo "$!" >> $PIDLIST 2>> $SBOPKGOUTPUT
                 wait
             else
@@ -2956,6 +2984,10 @@ get_source() {
                 NO_DL_LOOP=1
                 mv "$DL" "$SRCDIR/$DL_SRCNAME"
             else
+                if [[ ${DOWNLOAD[$i]} == https://* &&
+                        $TWGETFLAGS != *no-check-certificate* ]]; then
+                    check_cert_prompt && continue
+                fi
                 FAILURE=download
                 echo "  Download failed." >> $TMPSUMMARYLOG
                 echo >> $TMPSUMMARYLOG