This is an issue that I’ve been working with support on for many months, and they have had no success fixing it, so we found a solution ourselves, and are posting here for anyone else who encounters this issue:
We are using the VPN built in to FreePBX (OpenVPN). Every six months the CRL will expire and all phones will stop connecting forcing us to go to the VPN Server and disable > save > enable > save in System Admin to get it to restart and regenerate a new CRL.
To fix this permanently, from SSH/Shell:
Navigate to /etc/openvpn/easyrsa3
Edit openssl-1.0.cnf
Change these parameters to something far in the future (I’ll put 3000 for example)
default_days = 3000
default_crl_days = 3000
Stop the VPN service then start it again