Note that for wildcard certs you need to add an additional option, :customize_hostname_check:

    [
      ssl: [
        verify: :verify_peer,
        cacerts: :public_key.cacerts_get(),
        versions: [:"tlsv1.2"],
        # HTTPS-style hostname matching, so wildcard names such as *.example.com are accepted
        customize_hostname_check: [
          match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
        ]
      ]
    ]
More info: Erlang standard library: ssl | EEF Security WG (note the depth option as well)
And for :public_key.cacerts_get() to work, you might need to first :public_key.cacerts_load() the certs (e.g. during application startup). Right now in your case it seems to be returning :undefined.
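An added example (not part of the original post) that puts the pieces above together: load the OS trust store once at startup, refuse to build client options if no CA certificates are available, and set `depth` alongside the wildcard-aware hostname check. The module name `MyApp.TLS`, the function names and the depth value of 3 are assumptions chosen for illustration; `:public_key.cacerts_load/0` and `:public_key.cacerts_get/0` require OTP 25 or later.

```elixir
defmodule MyApp.TLS do
  @moduledoc "Hypothetical helper; names and defaults are illustrative assumptions."

  # Call once during application startup (e.g. from Application.start/2).
  # Fails loudly instead of letting later connections run without a trust store.
  def load_cacerts! do
    case :public_key.cacerts_load() do
      :ok -> :ok
      {:error, reason} -> raise "could not load OS CA certificates: #{inspect(reason)}"
    end
  end

  # Builds the options that go under the `ssl:` key shown in the post.
  # `depth` bounds the number of intermediate CAs accepted in the peer's chain.
  def client_opts(depth \\ 3) when is_integer(depth) and depth >= 0 do
    [
      verify: :verify_peer,
      cacerts: trusted_cacerts!(),
      depth: depth,
      versions: [:"tlsv1.2"],
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
      ]
    ]
  end

  # Guard against anything other than a non-empty certificate list, so that
  # :verify_peer is never configured with an unusable trust store.
  defp trusted_cacerts! do
    case :public_key.cacerts_get() do
      certs when is_list(certs) and certs != [] -> certs
      other -> raise "no CA certificates loaded, got: #{inspect(other)}"
    end
  end
end

# Usage sketch (example.com is a placeholder host):
#   MyApp.TLS.load_cacerts!()
#   {:ok, socket} = :ssl.connect(~c"example.com", 443, MyApp.TLS.client_opts(), 5_000)
```

Calling `client_opts/1` at connection time rather than in compile-time config means the certificates are read after `load_cacerts!/0` has run.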