snapd re-execs itself into the core snap as execution environment … the core snap is a readonly squashfs, while it has the default ca-certificates pre-installed, there is no actual way of dynamically adding additional certificates to it …
this kind of touches
