EC21 ssl connection no longer working

Hi,
I am using EC21-E Mini PCIe modul for secure connection to our server. It was working for the last 3 years.
But with the latest batch of modules it does not work. The AT+QSSLOPEN command returns error 550 - Unknown error.
I can make calls, send sms and make unsecure TCP connections but not secure. I tested more than 20 of them with the same result.
If I use one of the older modules it still connects fine.
Was there some kind of change in the modules I need to accomodate in my application?
Or is it possible they are faulty and we should complain about them with the seller?
Thank you.

hi,IvanPI:
Do you need to replace/regenerate a new CA certificate to connect to the server using a new device?I suggest that you can upload the operation logs of the server with normal connection and abnormal connection. We will diagnose and troubleshoot the possible causes according to your operation logs.

Hi Herbert.
Thank you for your quick response.
I am sending the logs.
Logs.zip (5.4 KB)
From the non functional module there are two versions with security level set to 0 and to 2.
For testing purposes the client certificate check on server is turned off (normaly it is checked).

The certificates have a long validity as we are not able to update them every year in the devices. So there should be no need to replace them. Also they are working with the old modules. And the client does not connect even with security level 0.

Hi Herbert.
I checked the firmware version of the modules.
The working ones are EC21EFAR02A04M4G (old testing one) and EC21EFAR06A01M4G.
The non working are all EC21EFAR06A03M4G.
Could you please send me files for downgrading the firmware to the working version? It would verify that the problem is caused by firmware and we would have a way to make them work before it gets sorted out.
Thank you.

hi,IvanPI:
I am very sorry for not reading your reply in time.Please download the corresponding firmware through the following link. If there is any problem, we will continue to communicate.
https://quectel123-my.sharepoint.cn/:u:/g/personal/ae-fae_dom_quectel_com_cn/EZtlZij9A7FHvKD9oPEU18EBeWGW4fRgbLtqIxGa7PwDmA?e=5UXdrI
https://quectel123-my.sharepoint.cn/:u:/g/personal/ae-fae_dom_quectel_com_cn/EeFI_j__nfhLiXmdMLs6KHMBmv18Tr9DevrJln_pr4d6xg?e=RYE8Rk
https://quectel123-my.sharepoint.cn/:u:/g/personal/ae-fae_dom_quectel_com_cn/EfG6R9ewpD1On5vtVpXjPhkBTRI0YxvRZL8lmHlCdVQHrQ?e=3Wap5R

Hi Herbert.
The firmwares you provided were most useful.
The modules connect normally when downgraded to version EC21EFAR06A01M4G.
The modules connect normally when upgraded to version EC21EFAR06A05M4G and the server’s certificate purpose was extended (keyUsage of keyEncipherment in openssl).
The version EC21EFAR06A03M4G I was not able to make work.
So we will check the firmware version of every module bought and upgrade it as necessary.
Thank you for your help.