Could you please try to use an IP address instead of a hostname for a Server/Relay the Client is trying to register with?
Also a similar issue was resolved by reducing the MTU size on a Server/Relay (when the VPN encapsulation added overhead to the packets, causing them to exceed the Path MTU and get fragmented)
I can retrieve other secure websites from the same client, so HTTPS is not blocked by the network.
The fallback HTTP registration attempt fails at the server with http failure code 0, so it looks to me like the server is refusing to register just this particular client, possibly based on the parameters passed in the registration URL (MAC address, IPv4 subnet & address, client version).
The only reliable way (per devs) to verify DNS resolution would be adding a Relay’s IP/hostname into the Client’s OS hosts file. Also you may need to make sure that a DNS resolution is working both ways (a parent Relay should be able to communicate with a Client as well).
If that won’t get an answer, Wireshark could tell if there’s any communication between Client and Relay.
Is there Proxy/Firewall/VPN between Client and Relay?
Which OS is Client and Relay?