Handshake failures typically are one of the following:
You’re using a self-signed certificate and the CA hasn’t been added to the device that’s making the connection.
The certificate on the server is expired
The domain name being connected to doesn’t match what is on the certificate
As far as fixing this, I’m probably not going to be very helpful, but at a minimum it would be good to understand if you’re using a self-signed certificate or if you used a 3rd party CA like let’s encrypt or godaddy.
I think I am doing something wrong when I’m creating the certificates or I have forgotten to set up something at FreePBX. However, nowhere I can find a documentation like version 14. There is a certificate menu item.