OpenSSL verify fails with E1

You might want to try using a cert from a different Certificate Authority. After Sept 30, 2021 there were many, um, unusual clients that had difficulties with the different chains Let's Encrypt offers. These are the short (alternate) and long (default) chains. The alternate chain was added to assist clients that did not handle the expired DST Root CA X3 in the chain that helped with older Androids.

You have not described which chain the syncplay server sends. And, it's not clear which CA Root store your client uses. Some client TLS packages have their own store.

It is difficult to debug that also given your need for secrecy and the opportunistic TLS. So, trying a different CA with an older root may work better. Just an idea. Maybe try ZeroSSL or another free CA.

To be clear, I am not being dismissive. It's just sometimes that's best.

3 Likes