You may find GitHub - corememltd/acmerl: Erlang ACME implementation useful to crib from, in particularly ranch_ssl_acme:challenge/3 and acme_client_certificate:ready/3.
This code has been extracted from an internal project so is likely to not be directly usable, but when writing it at the time I also noticed that it was hard to navigate public_key; I think I ended up just reading the OTP source until I started figuring it out.
Apologies for the roughness of the code, it was needed for a PoC and gen_statem had just appeared it was unclear at the time to me how to accomplish what I wanted with it. I recommend ignoring everything except my interaction with ssl and public_key 
This project exists really now for me as just a map of how to do this in the future.
Of note, you likely will need something like ranch_ssl_acme for your project as IIRC at the time ranch did not support ssl:handshake_continue in a way that was usable to me; things may have changed since, I have not looked if they have though.
Good luck in your adventures!