This is getting really annoying. pip is also affected by this (maybe because it also uses wget):
root@shark:~# pip3 install netifaces
Collecting netifaces
Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] unknown error (_ssl.c:852)'),)': /simple/netifaces/
[...]
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] unknown error (_ssl.c:852)'),)) - skipping
The /etc/ssl/certs/ directory does exist with many certificates. The /etc/ssl/cert.pem points to /etc/ssl/certs/ca-certificates.crt which also exists.
I believe that there's either an old ca-certificates.crt or wget are not using the /etc/ssl/* correctly.
Please look into this.