Seems like curl does not find ca-certificates. I tried to use dyndns and had no luck with it (curl error 77 in logs). Needed to install wget to get things working (along with ca-certificates).
Curl seems to insist on looking at /etc/ssl/ca-certificates.crt, despite it supposedly should support the argument --capath:
root@LEDE:~# curl --capath /etc/ssl/certs/ https://curl.haxx.se/ca/cacert.pem curl: (77) Error reading ca cert file /etc/ssl/certs/ca-certificates.crt - mbedTLS: (-0x3E00) PK - Read/write of file failed
This happens with any https:// address.
Is this a bug in current curl? If not, dyndns article should be updated (along with LUCI hints).