All TLS requests giving Peer's certificate issuer has been marked as not trusted by the user

When I try an https request to google.com, I just recently started seeing [root@ip-172-31-47-76 ~]# curl -I -v https://google.com * Rebuilt URL to: https://google.com/ * Trying 216.58.193.78... * TCP_NODELAY set * Connected to google.com (216.58.193.78) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Server certificate: * subject: CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US * start date: Feb 20 14:17:23 2018 GMT * expire date: May 15 14:08:00 2018 GMT * common name: *.google.com * issuer: CN=Google Internet Authority G2,O=Google Inc,C=US * NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER) * Peer's certificate issuer has been marked as not trusted by the user. * stopped the pause stream! * Closing connection 0 curl: (60) Peer's certificate issuer has been marked as not trusted by the user. More details here: https://curl.haxx.se/docs/sslcerts.html This is affecting my ability to update the system as yum update requests fail as well. I've tried reimporting my certificates using the instructions on this page: https://access.redhat.com/solutions/1549003 . I've also tried manually adding Google cert using the instructions here: https://curl.haxx.se/docs/sslcerts.html . Neither worked. I'm not sure if it's related but I tried troubleshooting further with the certutil utility but that can't be run [root@ip-172-31-47-76 ~]# certutil certutil: /usr/local/firefox/libnss3.so: version `NSS_3.30' not found (required by certutil) Not quite sure what happened here but I would appreciate any help. This is using an Amazon Linux image.