For the record, I found that when running Duplicati as daemon / service on MacOS (meaning it was running under root) I needed to run:
sudo -i #interactive login so all following commands execute as root
curl -O https://curl.haxx.se/ca/cacert.pem; cert-sync --user cacert.pem; rm cacert.pem #for MacOS