If you use the View Certificate link (sometimes, this requires clicking the Advanced button), is there any pattern to the issuer, such as a proxy server or security software vendor?

They all seem to be issued by dedicated certificate companies, though almost all use Sectigo certificates (the .edu ones use InCommon).

Usually the View Certificate page has multiple tabs. You could start with the right-most tab and see whether that ultimate signing certificate is listed as trusted here as a Builtin Object Token:

Settings page > type cert in the tiny search box to filter the page > View Certificates button > Authorities tab

Or if Firefox is set to use the system certificate store (checkbox for "Allow Firefox to automatically trust third-party root certificates you install") perhaps you need to check somewhere else on the system (I'm not familiar with how Linux handles it).

They all share the "USERTrust RSA Certification Authority" as the highest level cert which (along with its issuer) *is* labelled as "Default Trust". If I click "Edit Trust", there are checkboxes for identifying websites and mail users, both of which are unchecked for *all* authorities that I checked. I believe the system install of Firefox that comes with Linux distributions is already set to use the system certificate store based on prior searching, and there are no settings corresponding to root certificates other than the usual certificate list.

To try and eliminate all possible variables, I downloaded and ran the current Firefox Nightly (144.0b9) and visited these sites with no issue. It seems there is something about the pre-loaded system install of Firefox Stable that is causing these certificate issues, but I am not sure what it could be.