Intermittent pfSense CA Login Cert Error

As the title says, I have a custom domain and a pfSense box that I have set up to get a Let’s Encrypt cert through ACME.

I am using that Let’s Encrypt cert and custom FQDN for login on the pfSense firewall. This setup works most of the time, but every once in a while it will say the cert is invalid and will not let me access the firewall.

When this happens I have to log in using the IP. I then go in, select a different login cert, and save. Then I go back and change the login cert back to the Let’s Encrypt cert, and it works again until it doesn’t.

As best I can tell the Let’s Encrypt cert is renewing correctly, so I’m not sure why the login cert seems to randomly become invalid.

I would check the logs to see if there is an error as to why the certs are not renewing.

Are you using pfBlockerNG with GeoIP blocking? If so, this might block the LE checks coming from random IPs during renewal. You’d have to disable GeoIP blocking during renewal.

I am using pfBlockerNG with some GeoIP blocking. However, there are no error logs about certificates failing to renew.

I looked at the current cert and it says it expires in Dec. So I guess at this point I will wait to see if it renews and, if it doesn’t, where exactly it fails.
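Rather than waiting for the next renewal, a quicker way to pin down this kind of intermittent "invalid cert" is to capture what the GUI is actually presenting at the moment the browser complains: whether it is the Let’s Encrypt cert at all, whether the FQDN is in its SAN list, and how long it has left. The script below is an added diagnostic written for this thread; it is not part of pfSense, the ACME package, or any post above. It assumes `openssl` 1.1.1 or newer on the machine you run it from (a workstation, or the pfSense shell itself), and the hostname `fw.example.test` is a placeholder for your own FQDN.

```shell
#!/bin/sh
# Added diagnostic, not code from the thread or from pfSense/ACME.
# Fetches the leaf certificate the pfSense web GUI serves for a name and
# reports issuer, SAN names and remaining validity, so an intermittent
# "invalid cert" can be tied to a concrete cause: an expired LE cert, a
# different (e.g. self-signed) cert being served, or a name missing from
# the SAN list. Assumes openssl >= 1.1.1 on PATH; hostnames are placeholders.

# Fetch the leaf certificate presented for host $1 (with SNI) on port $2 into PEM file $3.
fetch_served_cert() {
    host="$1"; port="${2:-443}"; out="$3"
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM -out "$out"
}

# Issuer DN of the PEM certificate in $1, e.g. "C = US, O = Let's Encrypt, CN = R3".
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//'
}

# DNS names from the subjectAltName extension, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# Succeeds if the certificate is still valid $2 days from now (uses openssl -checkend, portable to FreeBSD).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Succeeds if hostname $2 is covered by the certificate under normal SAN/CN matching rules.
cert_matches_name() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Succeeds if the certificate was issued by Let's Encrypt (issuer O field).
cert_is_letsencrypt() {
    cert_issuer "$1" | grep -q "Let's Encrypt"
}

# Human-readable report for PEM $1 against expected name $2; returns 0 only if every check passes.
report_cert() {
    pem="$1"; name="$2"; status=0
    echo "issuer : $(cert_issuer "$pem")"
    echo "sans   : $(cert_sans "$pem" | tr '\n' ' ')"
    if cert_is_letsencrypt "$pem"; then
        echo "LE cert: yes"
    else
        echo "LE cert: NO (GUI is serving a different certificate)"; status=1
    fi
    if cert_matches_name "$pem" "$name"; then
        echo "name   : $name is covered"
    else
        echo "name   : $name is NOT in the certificate"; status=1
    fi
    if cert_valid_for_days "$pem" 7; then
        echo "expiry : more than 7 days left"
    else
        echo "expiry : expired or expiring within 7 days"; status=1
    fi
    return $status
}

# Usage (placeholder name): sh gui-cert-check.sh fw.example.test 443
if [ -n "$1" ]; then
    tmp=$(mktemp)
    fetch_served_cert "$1" "${2:-443}" "$tmp"
    report_cert "$tmp" "$1"; rc=$?
    rm -f "$tmp"
    exit $rc
fi
```

Run it against the FQDN while the browser is showing the error and again after the "switch cert and switch back" workaround; the two reports side by side tell you whether the GUI had fallen back to another certificate, whether the name no longer matched, or whether the cert had simply expired without the renewal being applied.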