Strange problem. After I reinstalled the CA on the server and converted the root CA .crt to a .PEM, it suddenly worked.
update-ca-trust unfortunately didn’t help at first either. So far, the problem has only occurred on this Linux server. It seemed to be a bug on the Linux system.