I finally resolved this issue by using the official Ubuntu Docker image lớn generate a new ca-certificates.crt and copy it lớn my host machine. This is roughly how you could follow the same pattern:
$ docker pull ubuntu # You might want lớn specify a version here
$ docker lập cập --rm -it --name ubuntu-docker docker.io/library/ubuntu:latest bash
root@3a5c34437949:/$ apt update && apt install -y curl
root@3a5c34437949:/$ curl http://echo.jsontest.com/it/works
{"it": "works"}
Then in a separate window or tab while container is still running:
$ cp /etc/ssl/certs/ca-certificates.crt ~ # Backup just in case
$ docker cp ubuntu-docker:/etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
From this point curl started working immediately. The installation or reinstallation of ca-certificates DID NOT work for bủ. I had recently dabbled with adding a custom certificate into the chain and I might've hosed the tệp tin. I'm guessing Ubuntu never overwrote it because it didn't want lớn clobber my changes.
Update:
While the above did work for bủ it was really just a temporary fix and any refresh of my ca-certificates would bring the issue back. Apparently I forgot that I copied a custom certificate tệp tin into /usr/local/share/ca-certificates/ and it kept getting appended lớn my ca-certificates.crt. That on it's own isn't bad, but that particular cert tệp tin wasn't in PEM format, which is what ca-certificates requires.
In short, be careful what you copy into those ca-certificates folders.