warning: Description: "Authenticity is not established by certificate path validation", Reason: "Option {verify, verify_peer} and cacertfile/cacerts is missing"
That’s a warning from the erlang ssl library, without knowing where and when you’re getting the error maybe this blog post can help.
It describes configuring :httpc for ssl verification, which doesn’t come pre-configured out the box. In particular this part at the end:
Adding hostname verification with the ssl_verify_fun package is very similar to what we did for HTTPotion: in order to pass the expected hostname value as part of the verify_fun option, we need to pass in ssl options as part of the request. With httpc this means using the more elaborate request/4 API:
The question is which client is establishing the connection. It could be your own code, but it is likely some HTTP or other protocol client that you pulled in as a dependency. Some clients use appropriate defaults, others require you to pass in ssl options yourself, and yet others are safe by default unless you pass in custom ssl options, in which case it is entirely your responsibility to set all options correctly.
Once you specify your own ssl: config you’re on your own as it clobbers the rest of the default configuration by design. The Q&A at the end also touches on this.