In general it looks like DeltaChat stoped or never did sending SNI during request to server, so server replies with default certificate, which creates error during TLS handshkae.
When a client does not send the Server Name Indication (SNI) extension during a TLS handshake, the server cannot determine which hostname the client is trying to reach if it hosts multiple secure websites on a single IP address. This leads to a certificate mismatch error and a failed connection.
The most effective solution is to upgrade the DeltaChat or application library to a modern version that supports SNI.