Just to complete the thread to help other users. Thanks to arnear suggestion, I just put together my 2 let’s encrypt certificates: cert.pem and chain.pem with the headers he indicated and used the new certificate in HA. Then my Sonos accepted the tts generated mp3s just fine.