Sorry, confused about your dfn.de?
But why some does not open at all and why just claim invalid cert is due to some site require newer tls version than n9 stock browser can handle.
$ curl --tlsv1.0 --http1.1 -I https://letsencrypt.org HTTP/1.1 200 OK Cache-Control: public, max-age=0, must-revalidate Content-Security-Policy: default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com ; img-src 'self' data: blob: https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com ; Content-Type: text/html; charset=UTF-8 Date: Mon, 08 Mar 2021 19:53:32 GMT Etag: "19873a3066d9bf6b89cb7caa96d7f08f-ssl" Feature-Policy: geolocation none; midi none; notifications none; push none; sync-xhr none; microphone none; camera none; magnetometer none; gyroscope none; speaker self; vibrate none; fullscreen self; Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Xss-Protection: 1; mode=block Age: 41554 Content-Length: 31102 Connection: keep-alive Server: Netlify X-NF-Request-ID: fa8be451-de71-479d-ac5f-b2bd9453c353-3824212