EDIT: the problem was resolved, it is a bug with native-tls. Fixed by explicitly setting certificate checks to “strict”. It was set to legacy “automatic2” which was used for old accounts created in old DC versions.
The bug is fixed in core 1.156.2 and should not affect most users, only those who created accounts in old DC versions.