Thank you @ingela and @afa for your replies.
@afa I already tried the --insecure on the mosquitto side, but it does make any difference, the outcome is the same.
I thought that using self-signed certificates was a viable choice, since there were signs of previous attempts on this forum (e.g.this thread) 
I’ll try to dig a bit deeper into the topic following also your hints @ingela.