I’m not familiar with what you’re trying to do and I wasn’t aware of pkgs.cacerts (which will probably help me in the future, thanks for sharing). My painful experience with setting up certificate is that there’s always one extra place to set them up :(. I haven’t had this exact error yet though.
Have you confirmed that you the generated bundle is where you expect and works? Is the problem only with nix and/or git?
If yes, I’d try to get more log about what git is using, maybe try GIT_CURL_VERBOSE=1.