Ah, ok, now we are getting somewhere ...
Still, what does this CA cert has to do with it ?
Anyway.
When you use solutions that block 'some users' to visit 'some sites' you need to read awful lot of information. Because you have to understand the why / what / when.
Added to that : when you have a working situation, you have to survey it constantly as your are using rather complicated solution that can change any moment.
This is a topicality : you want something, so you implement something (like driving that car you bought - you do it, because no one will be there for you for your car).
So, read the forums I mentioned.
Try something like Google pfsense block Facebook - just read and you will get the picture.
Have a look at the Netgate's Videos about this subject (Youtube => Netgate).
Btw : I never ever I block 'some sites' for some of the visitors or my colleagues or who eve on my networks. I'm using pfSense in a company - not some family or related environment. I also tend to keep things simple.