Rebar3 cannot download packages behind proxy, CA certificate is missing/unknown

When trying to download packages to be compiled with rebar3 behind a proxy server, especially in corporate environment with custom CA certificate, there is an error:

TLS client: In state certify at ssl_handshake.erl:2015 generated CLIENT ALERT: Fatal - Unknown CA

The expectation is that you can download packages for compilation on your system, both with mix deps.compile or with rebar3.

Solution

According to this comment all you have to do is:

to download root CA certificate, for example, for repo.hex.pm
store it somewhere on your disk, for example, as /temp/BestCompanyCA.crt
on Windows, create a file .config/rebar3/rebar.config in your C:\Users\[your username] folder
on Linux, create a file ~/.config/rebar3/rebar.config
and put in it this code with proper path to your root CA certificate

{ssl_cacerts_path, ["/usr/local/share/ca-certificates/Foo-CA.crt"]}.

Notice the . and the end of the line, it's important.

After that, you should have no issues.