You cannot do that: MitM attack is based on the fact that the person between server and valid client already has all the valid certificates. So for your server he behaves like any other valid client.

Assuming that there is a man in the middle, all information that "your visitor" provides (which you might somehow use to identify what certificate they are using) would actually be information that the man in the middle provides. That means you cannot trust it (which is a good rule of thumb really even when there is no MITM).

In other words, this is not possible.

Another way you could reach this conclusion is this: if this were somehow possible, "man in the middle" would not be a term we all know today.

As @Jon and @zerkms have already said, it's the client's responsibility to check the server certificate.

One way you could make sure, as a server, that the client is using a connection that has presented your server certificate is to request client-certificate authentication. Indeed, during the handshake with a client certificate, the CertificateVerify TLS message contains the signature of a digest of all the handhsake messages that have been exchanged so far, including the server certificate. If the TLS handhsake succeeds, the client will have sent the correct signature, verifiable against its certificate.

Of course, from the server point of view, this only works if you trust the client certificate.

This wouldn't completely solve the problem, in particular because it's not advisable for a client to accept to authenticate using its certificate against a server it cannot verify (even if the private key wouldn't be leaked, the identity of the certificate would be sent to the rogue party).

Again, at the end of the day, it's still the user's responsibility to decide whether it trusts the identity of the server.