diff --git a/nix/pkgs/complement/config.toml b/nix/pkgs/complement/config.toml index 99c151c5..4d7637db 100644 --- a/nix/pkgs/complement/config.toml +++ b/nix/pkgs/complement/config.toml @@ -32,6 +32,8 @@ allow_legacy_media = true startup_netburst = true startup_netburst_keep = -1 +allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure = true + # valgrind makes things so slow dns_timeout = 60 dns_attempts = 20 diff --git a/src/core/config/check.rs b/src/core/config/check.rs index 98223be4..f9d51eeb 100644 --- a/src/core/config/check.rs +++ b/src/core/config/check.rs @@ -28,6 +28,10 @@ pub fn check(config: &Config) -> Result { warn!("Note: conduwuit was built without optimisations (i.e. debug build)"); } + if config.allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure { + warn!("\n\nWARNING: \n\nTLS CERTIFICATE VALIDATION IS DISABLED, THIS IS HIGHLY INSECURE AND SHOULD NOT BE USED IN PRODUCTION.\n\n"); + } + warn_deprecated(config); warn_unknown_key(config); diff --git a/src/core/config/mod.rs b/src/core/config/mod.rs index e69a56b9..6b669ad3 100644 --- a/src/core/config/mod.rs +++ b/src/core/config/mod.rs @@ -52,7 +52,7 @@ use crate::{Result, err, error::Error, utils::sys}; ### For more information, see: ### https://conduwuit.puppyirl.gay/configuration.html "#, - ignore = "catchall well_known tls blurhashing" + ignore = "catchall well_known tls blurhashing allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure" )] pub struct Config { /// The server_name is the pretty name of this server. It is used as a 
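Review bot: The warning added in the new `if config.allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure` branch of `check` pads the message with `\n\n` on both ends, which renders as blank lines in a plain-text log but becomes literal `\n` sequences in structured (JSON/journald) output and defeats line-based matching on the message. Keep it to one line, e.g. `warn!("TLS certificate validation is DISABLED via allow_invalid_tls_certificates_…: every peer certificate is accepted; do not run this in production");`. Because this is log-only and fires only when `check` runs, the operator has no later indication that the knob is on once the startup log rotates; if the server has a place where it reports its effective configuration, the same fact belongs there too. The body of `check` continues outside the hunk.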
@@ -1806,6 +1806,16 @@ pub struct Config { #[serde(default = "true_fn")] pub config_reload_signal: bool, + /// Toggles ignore checking/validating TLS certificates + /// + /// This applies to everything, including URL previews, federation requests, + /// etc. This is a hidden argument that should NOT be used in production as + /// it is highly insecure and I will personally yell at you if I catch you + /// using this. + #[serde(default)] + pub allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure: + bool, + // external structure; separate section #[serde(default)] pub blurhashing: BlurhashConfig, diff --git a/src/service/client/mod.rs b/src/service/client/mod.rs index d5008491..d51e5721 100644 --- a/src/service/client/mod.rs +++ b/src/service/client/mod.rs @@ -128,7 +128,8 @@ fn base(config: &Config) -> Result { .pool_max_idle_per_host(config.request_idle_per_host.into()) .user_agent(conduwuit::version::user_agent()) .redirect(redirect::Policy::limited(6)) - .connection_verbose(true); + .danger_accept_invalid_certs(config.allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure) + .connection_verbose(cfg!(debug_assertions)); #[cfg(feature = "gzip_compression")] {
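Review bot: The new doc comment on the `allow_invalid_tls_certificates_…` field says what the flag applies to but not what it does to the handshake or how it is surfaced; a reader should learn that with `danger_accept_invalid_certs` any certificate a peer presents is accepted — expired, self-signed and, depending on the TLS backend, issued for a different hostname — so outbound connections can no longer authenticate the remote server. Suggest adding `/// Default: false. A warning is logged at startup when this is enabled.` plus one line stating that the option exists only for local test harnesses (the complement config in this same commit is its only consumer visible here). The `Config` struct continues outside the hunk.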
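Review bot: `.danger_accept_invalid_certs(...)` is applied to the shared base builder in `base`, so verification is switched off for every client derived from it rather than for one component under test, and the line carries no comment explaining that or pointing at the startup warning; the same hunk also changes `.connection_verbose(true)` to `.connection_verbose(cfg!(debug_assertions))`, an unrelated change to release-build logging that the hunk gives no reason for and that would be clearer as its own commit. At minimum annotate the line, e.g. `// Disables chain and (backend-dependent) hostname verification for *all* outbound TLS; config::check logs a warning when set.`, and consider compiling the knob out of release builds behind a cargo feature so a production binary has no code path that disables verification at all. `base` continues beyond the hunk.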