Oh d*#n, it looks like MVPS is the culprit.
When running the defender_updater.py one sees that there is a certificate error connecting to MVPS.org:
CERTIFICATE_VERIFY_FAILED
But connecting via browser or openssl works flawlessly.
Does python use another certificate store? (tested with SFOS 3.2 only now)
MVPS.org uses LetsEncrypt whose root cert might have been run out…