Git called by AWX ignores manually installed root CA

Tags: ansible, centos7, git, ssl-certificate

AWX is installed on CentOS machine. A separate machine (gitlab.techraf) serves GitLab's web interface over HTTPS with a certificate signed by a private CA.

The storyline:

  1. On a "fresh" system I issue the command:

    /usr/bin/git clone --origin origin https://gitlab.techraf/techraf/project.git /tmp/project
    

    and get (expected):

    fatal: unable to access 'https://gitlab.techraf/techraf/project.git/': Peer's Certificate issuer is not recognized.

  2. I install the root CA certificate on the AWX machine:

    update-ca-trust force-enable
    curl https://certificate.source/certificates/techrafCA.pem > /etc/pki/ca-trust/source/anchors/techrafCA.pem
    update-ca-trust extract
    
  3. I retry the above git clone, this time getting a correct response:

    Cloning into '/tmp/project'…
    remote: Counting objects: 3, done.
    remote: Total 3 (delta 0), reused 0 (delta 0)
    Unpacking objects: 100% (3/3), done.

    As a sanity check I ran git clone using different user accounts – no problem after root CA certificate installation in point 2 – the root CA seems to be installed system-wide. curl also accepts gitlab.techraf's certificate.

  4. (problem) I define a project in AWX interface and try to synchronise it from the GitLab, however I get:

    TASK [update project using git]
    ************************************************
    fatal: [localhost]: FAILED! => {"changed": false, "cmd": "/usr/bin/git clone --origin origin https://gitlab.techraf/techraf/project.git /var/lib/awx/projects/_6__project", "failed": true, "msg": "fatal: unable to access 'https://gitlab.techraf/techraf/project.git/': Peer's Certificate issuer is not recognized.", "rc": 128, "stderr": "fatal: unable to access 'https://gitlab.techraf/techraf/project.git/': Peer's Certificate issuer is not recognized.\n", "stderr_lines": ["fatal: unable to access 'https://gitlab.techraf/techraf/project.git/': Peer's Certificate issuer is not recognized."], "stdout": "Cloning into '/var/lib/awx/projects/_6__project'…\n", "stdout_lines": ["Cloning into '/var/lib/awx/projects/_6__project'…"]}

    As a sanity check I tried with a project from GitHub and AWX fetches it correctly.

    As another sanity check I ran ansible localhost -m command -a "/usr/bin/git clone --origin origin https://gitlab.techraf/techraf/project.git /tmp/project2", as well as from a different machine, to ensure non-interactive shell sessions work the same. In either case the certificate was accepted.


What can be the cause of git (called by AWX/Ansible) not using the installed techrafCA.pem certificate?

What is the next step I can take to troubleshoot the issue?

Best Answer

If you do the same inside the awx_task container, then it works!

Verified with my AWX setup.

update-ca-trust force-enable
curl https://certificate.source/certificates/techrafCA.pem > /etc/pki/ca-trust/source/anchors/techrafCA.pem
update-ca-trust extract
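Added example, not code from the question or the answer: a diagnostic script for the situation described above. The question's symptom (git trusts the CA on the host but not when launched by AWX) comes down to the git that AWX runs reading a different trust store, here the one inside the Docker container. The script splits a PEM bundle into individual certificates and compares SHA-256 fingerprints rather than grepping PEM text, so it says definitively whether a given anchor has been merged into the bundle, first on the host and then on the copy pulled out of the container. It also lists git's own CA overrides (http.sslCAInfo, http.sslCAPath, GIT_SSL_CAINFO, GIT_SSL_CAPATH), which would make git ignore the system store even when the anchor is there. Assumed names: the container is called awx_task, the anchor file is techrafCA.pem, the bundle path is the CentOS 7 default /etc/pki/tls/certs/ca-bundle.crt, and the repository URL is the one from the question.

```shell
#!/bin/sh
# Added example (not from the original question or answer).
# Assumptions: container name awx_task, anchor techrafCA.pem, CentOS 7
# bundle path /etc/pki/tls/certs/ca-bundle.crt, docker usable by this user.

CA_ANCHOR=/etc/pki/ca-trust/source/anchors/techrafCA.pem
BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
CONTAINER=awx_task
REPO=https://gitlab.techraf/techraf/project.git

# SHA-256 fingerprint of a single PEM certificate file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Return 0 if the CA certificate $1 is contained in the PEM bundle $2, else 1.
# The bundle is split into one file per certificate; comment lines that
# ca-bundle.crt carries between certificates are dropped because they fall
# outside a BEGIN/END pair.
ca_in_bundle() {
    ca="$1"; bundle="$2"
    want=$(cert_fingerprint "$ca")
    tmp=$(mktemp -d)
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/" n ".pem" }
        out { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$bundle"
    found=1
    for f in "$tmp"/*.pem; do
        [ -f "$f" ] || continue
        if [ "$(cert_fingerprint "$f")" = "$want" ]; then
            found=0
            break
        fi
    done
    rm -rf "$tmp"
    return $found
}

# Step 1 of troubleshooting: is the anchor in the host bundle, and is it in
# the bundle the container's git actually reads?
check_host_and_container() {
    if ca_in_bundle "$CA_ANCHOR" "$BUNDLE"; then
        echo "host: $CA_ANCHOR is in $BUNDLE"
    else
        echo "host: $CA_ANCHOR is NOT in $BUNDLE"
    fi
    docker exec "$CONTAINER" cat "$BUNDLE" > /tmp/"$CONTAINER"-bundle.crt
    if ca_in_bundle "$CA_ANCHOR" /tmp/"$CONTAINER"-bundle.crt; then
        echo "$CONTAINER: $CA_ANCHOR is in $BUNDLE"
    else
        echo "$CONTAINER: $CA_ANCHOR is NOT in $BUNDLE (install it in the container)"
    fi
    # Step 2: git-level overrides that bypass the system store entirely.
    docker exec "$CONTAINER" sh -c '
        git config --system --get http.sslCAInfo
        git config --system --get http.sslCAPath
        env | grep -E "^(GIT_SSL_CAINFO|GIT_SSL_CAPATH|SSL_CERT_FILE|SSL_CERT_DIR)="
        true'
}

# The fix from the accepted answer, applied from the host, then verified with
# a network-only git operation run by the container's own git binary.
install_ca_in_container() {
    docker cp "$CA_ANCHOR" "$CONTAINER:$CA_ANCHOR"
    docker exec "$CONTAINER" update-ca-trust force-enable
    docker exec "$CONTAINER" update-ca-trust extract
    docker exec "$CONTAINER" git ls-remote "$REPO" HEAD
}

# Usage: ./awx-ca-check.sh check   |   ./awx-ca-check.sh fix
case "${1:-}" in
    check) check_host_and_container ;;
    fix)   install_ca_in_container ;;
esac
```

Note that the container's trust store is baked into the image, so the `fix` step has to be repeated (or the anchor bind-mounted into the container) whenever awx_task is recreated from a new image.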