I see, thanks! Accordingly, I’m using DNS-01 challenge. -
Anyhow, I’m out of ideas then, because the API on pfsense allows for certain input only, which is as correct as copy/paste can be.
I reran the certificate renewal script with just API Key + email address (leaving off Token + Account ID) and guess what,
–> Success!