curl is verifying the cert.
I think it’s just that wget isn’t using the right trust store on your system. I don’t use a mac, so I couldn’t really say why.
FYI, you don’t need to specify :443 if you’re using https:// and you don’t need to specify :80 when using http://. Those ports are implicit for those schemes, in both Caddy and all HTTP clients.
You only need this if you have another proxy in front of Caddy. If you’re making requests directly to Caddy, you should remove this.
I don’t think you need this. What you should have though is header_up Host {upstream_hostport}. It would look like this:
reverse_proxy /example* https://example.com {
header_up Host {upstream_hostport}
}