I am able to grant clients access to my SQL Server which is configured to require encrypted connections using an automatically generated self-signed server certificate and they are able establish encrypted connections to the server if accepting self-signed certificates, but when they try to change their own password, this fails, independent of whether this is attempted in the dialog window appearing in SSMS when logging in the first time (if the server requires this) or if attempting to do this by issuing the command ALTER LOGIN (when the server does not require this). In the first case, an error message appears saying that the self-signed certificate is not trusted, and in the second case, an error message appears (Msg 15151) saying that the login does not exist or the user does not have permissions.
If I configure the server to not require encryption, the password change works.
I have also tried using another self-signed server certificate, i.e. one not generated automatically by SQL Server, but one generated by myself in PowerShell (following an official MS instruction), however, this did not work either.