
Was it Hetzner, or was it an attacker hosting on Hetzner/Linode?


It was the German equivalent of the NSA, with the German equivalent of a National Security Letter, sent to Hetzner to force them to intercept this customer's traffic. The same thing happens in the USA.


Sigh. Time to set up my own dedicated servers.


The German NSA seemed unable to access the server as they only intercepted the traffic. They got a TLS certificate from Let's Encrypt by intercepting traffic. If the app had used public key pinning, and the server had full disk encryption, this wouldn't have been enough for a compromise.



