Well, that has been recently discussed that that behavior was a security problem.
So, you have two choices:
1. (manually) configure the server name in the account setting to match one of the names on the certificate (Long press on account name -> Account setup -> "Manual" ),
or
2. you can choose not to use "strict" (under TLS/SSL and/or STARTSSL) - rather "accept any".
There will be some further improvement to this functionality.
And a word of personal advice: if you are using "accept any" (which is in general dangerous, as you are never sure you are sending your login and password to the correct server, and it is not intercepted), I'd recommend to enable the option "SSL certificate change detection" (Under Settings -> Network).