Postfix, TLS and self-signed certificates
Self-signing certificate means that it is not issued by a publicly trusted certificate authority like Let's Encrypt. This means that the certificate will not be trusted by applications which just trust publicly issued certificates - i.e. most applications. That's why you get this validation error.