pfSense with Squid and SquidGuard won't allow HTTPS traffic through?

0

About 2 or 3 years ago I set up a pfSense server to prevent one of my family members from accessing Facebook too much; they requested it.

It worked well and they were allowed to access Facebook for a specific hour a day.

Situations changed and they moved around, and now I've dug the old pfSense box back out again, only to find Squid barking error messages at the user when something with an SSL certificate doesn't match up, or the server on the other end isn't crazy about what we're doing over here.

I've installed the self-signed certificate we generated from the CA (which is still valid), and although I can still load / block sites that are HTTP, I seem to be having many different issues with the HTTPS ones.

If I'm not mistaken, in the past few years TLS 1.3 came out, and at the time I set this pfSense box up, I believe TLS 1.2 was the top bar for this sort of thing.

The error messages seem to be rather varied. I'll also gladly delve into the log files if anyone needs me to check them in there, be they for Squid, SquidGuard, or something somehow firewall related.

I also found a recent (2019) thread that states that I should go about this by checking "ignore internal cert validation" (but it looks like this may be for a reverse proxy server and not a web content blocker proxy filter), but I don't know where to find that in the settings (and the settings in pfSense are quite numerous). I was, however, able to find the CA and certificate settings as well as those for Squid and SquidGuard.

It also appears I am running pfSense 2.3.1 Community Edition (I think they may be on 2.5 now) and FreeBSD 10.3-RELEASE-p3 (they're probably on 11 by now).

leeand00

Posted 2019-09-11T02:50:57.360

Reputation: 14 882

No answers