Troubleshooting envoy certificate errors

I have been trying to get my nomad worker to run the countdash job in the Consul Service Mesh | Nomad | HashiCorp Developer demo for quite some time now, with really bad success rates. I am getting an CERTIFICATE_VERIFY_FAILED error, which is really frustrating, since there are no further indications about what is actually the error, just that there is one.

So, is there anyone who has good tips on troubleshooting envoy errors? I have been trying all kinds of conceivable certificate variations, but without more information to go on, I just can’t figure out which certificate is the problem, and what the problem is. I have setup consul using auto_config, which I would assume would take care of these problems for me, but I am not clear on whether it is the nomad certificate or the consul certificate that would be used for the envoy proxy, although I do assume it’s the consul one.

There is supposedly a way to set the envoy log_level using a meta.connect.log_level variable, but I have no clear grasp of where to set that value. Is there a way to look at the envoy config in the running to container to understand which certificate is being presented, and, ideally, what the requirements of the certificate are that makes it fail? Is there a way to (temporarily) just disable the TLS checking in envoy and get back to this problem later? Any ideas would be appreciated.