diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml
index a36140cdc1c9f7..fa858628aa9add 100644
--- a/.github/workflows/checksrc.yml
+++ b/.github/workflows/checksrc.yml
@@ -53,7 +53,12 @@ jobs:
           python3 -m pip install cmakelint==1.4.3
 
       - name: spellcheck
-        run: codespell --skip src/tool_hugehelp.c -I .github/scripts/codespell-ignore.txt include src lib
+        run: |
+          codespell \
+            --skip scripts/mk-ca-bundle.pl \
+            --skip src/tool_hugehelp.c \
+            -I .github/scripts/codespell-ignore.txt \
+            CMake include m4 scripts src lib
 
       - name: cmakelint
         run: scripts/cmakelint.sh
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 16080c9add9a67..fd42221f14c95e 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -31,7 +31,7 @@ This release includes the following bugfixes:
  o cmake: allow building tests in unity mode [31]
  o cmake: delete unused NEED_LBER_H, HAVE_LDAP_H [38]
  o cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled [44]
- o cmake: drop redundant assigments [49]
+ o cmake: drop redundant assignments [49]
  o cmake: drop redundant zlib var, rename function (internals) [50]
  o cmake: expand CURL_USE_PKGCONFIG to non-cross MINGW [13]
  o cmake: fix broken dependency chain for cmdline-opts, tidy-ups [11]
@@ -80,7 +80,7 @@ This release includes the following bugfixes:
  o tests: make precheck for HTTP on 127.0.0.1 into a feature [68]
  o tests: Only log warnings or worse by default in smbserver [33]
  o tests: postcheck is now in verify [69]
- o tests: remove all valgrind disble instructions [21]
+ o tests: remove all valgrind disable instructions [21]
  o tests: remove the %FTPTIME3 variable [41]
  o tests: speed up builds with single-binary test bundles [29]
  o tests: testrunner fairness [39]
diff --git a/docs/ECH.md b/docs/ECH.md
index 615e63da25d6ec..47b81c8e1e6bea 100644
--- a/docs/ECH.md
+++ b/docs/ECH.md
@@ -230,7 +230,7 @@ purpose. This code also implements the opportunistic (``--ech true``) or hard-fa
 (``--ech hard``) logic.
 
 Other than that, the main additions are in ``lib/doh.c``
-where we re-use ``dohprobe()`` to retrieve an HTTPS RR value for the target
+where we reuse ``dohprobe()`` to retrieve an HTTPS RR value for the target
 domain. If such a value is found, that is stored using a new ``doh_store_https()``
 function in a new field in the ``dohentry`` structure.
 
@@ -472,7 +472,7 @@ As of now we have not added support for using ``retry_config`` handling in the
 application - for a command line tool, one can just use ``dig`` (or ``kdig``)
 to get the HTTPS RR and pass the ECHConfigList from that on the command line,
 if needed, or one can access the value from command line output in verbose more
-and then re-use that in another invocation.
+and then reuse that in another invocation.
 
 Both our OpenSSL fork and BoringSSL have APIs for both controlling GREASE and
 accessing and logging ``retry_configs``, it seems wolfSSL has neither.
diff --git a/docs/TODO b/docs/TODO
index 92c4cceb1113ef..778ae21b6cb02e 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -1059,7 +1059,7 @@
 
 18.7 specify which response codes that make -f/--fail return error
 
- Allows a user to better specify exacly which error code(s) that are fine
+ Allows a user to better specify exactly which error code(s) that are fine
  and which are errors for their specific uses cases
 
 18.9 Choose the name of file in braces for complex URLs
diff --git a/lib/transfer.c b/lib/transfer.c
index 4c6538e9a5a813..2f003529fd8938 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -223,7 +223,7 @@ static ssize_t Curl_xfer_recv_resp(struct Curl_easy *data,
       blen = (size_t)totalleft;
   }
   else if(xfer_recv_shutdown_started(data)) {
-    /* we already reveived everything. Do not try more. */
+    /* we already received everything. Do not try more. */
     blen = 0;
   }
 
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index f3679ed965201f..9ec2aad359eea9 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -541,7 +541,7 @@ static int mbed_verify_cb(void *ptr, mbedtls_x509_crt *crt,
     mbedtls_x509_crt_verify_info(buf, sizeof(buf), "", *flags);
     failf(data, "mbedTLS: %s", buf);
 #else
-    failf(data, "mbedTLS: cerificate verification error 0x%08x", *flags);
+    failf(data, "mbedTLS: certificate verification error 0x%08x", *flags);
 #endif
   }
 
diff --git a/lib/ws.c b/lib/ws.c
index b2368682cc4449..802058647f7092 100644
--- a/lib/ws.c
+++ b/lib/ws.c
@@ -1247,7 +1247,7 @@ CURL_EXTERN CURLcode curl_ws_send(CURL *data, const void *buffer,
         goto out;
       }
       /* We added the complete data to our sendbuf. Report one byte less as
-       * sent. This parital success should make the caller invoke us again
+       * sent. This partial success should make the caller invoke us again
        * with the last byte. */
       *sent = payload_added - 1;
       result = Curl_bufq_unwrite(&ws->sendbuf, 1);
diff --git a/scripts/checksrc.pl b/scripts/checksrc.pl
index 7ae5ba57ada9fa..0f727e38b988ef 100755
--- a/scripts/checksrc.pl
+++ b/scripts/checksrc.pl
@@ -630,7 +630,7 @@ sub scanfile {
         if($nostr =~ /^(.*[^']\?[^'].*)(\w|\)|\]|')\:/i) {
             my $m = $1;
             my $e = $nostr;
-            $e =~ s/'(.)':'(.)'/$1:$2/g; # eliminate chars quotes that suround colon
+            $e =~ s/'(.)':'(.)'/$1:$2/g; # eliminate chars quotes that surround colon
             $e =~ s/':'//g;              # ignore these
             if($e =~ /^(.*[^']\?[^'].*)(\w|\)|\]|')\:/i) {
                 checkwarn("NOSPACEC",
@@ -642,7 +642,7 @@ sub scanfile {
         if($nostr =~ /^(.*[^'"]\?[^'"].*)\:(\w|\)|\]|')/i) {
             my $m = $1;
             my $e = $nostr;
-            $e =~ s/'(.)':'(.)'/$1:$2/g; # eliminate chars quotes that suround colon
+            $e =~ s/'(.)':'(.)'/$1:$2/g; # eliminate chars quotes that surround colon
             $e =~ s/':'//g;              # ignore these
             if($e =~ /^(.*[^'"]\?[^'"].*)\:(\w|\)|\]|')/i) {
                 checkwarn("NOSPACEC",
diff --git a/scripts/managen b/scripts/managen
index df7663cd3e84df..20abfc12efefbf 100755
--- a/scripts/managen
+++ b/scripts/managen
@@ -1256,7 +1256,7 @@ elsif($cmd eq "-c") {
 
 my @files = @ARGV; # the rest are the files
 
-# can be overriden for releases
+# can be overridden for releases
 if($ENV{'CURL_MAKETGZ_VERSION'}) {
     $version = $ENV{'CURL_MAKETGZ_VERSION'};
 }
diff --git a/tests/ech_tests.sh b/tests/ech_tests.sh
index 615323b485ff3d..1746f165116474 100755
--- a/tests/ech_tests.sh
+++ b/tests/ech_tests.sh
@@ -93,13 +93,13 @@ declare -A neither_targets=(
 # Top of curl test tree, assume we're there
 : "${CTOP:=.}"
 
-# Plase to put test log output
+# Place to put test log output
 : "${LTOP:=$CTOP/tests/ech-log/}"
 
-# place to stash outputs when things go wrong
+# Place to stash outputs when things go wrong
 : "${BTOP:=$LTOP}"
 
-# time to wait for a remote access to work, 10 seconds
+# Time to wait for a remote access to work, 10 seconds
 : "${tout:=10s}"
 
 # Where we find OpenSSL .so's