Okay, I think I know what is happening now. Thanks for the log info that helped.
This line indicates that your client is using Openssl-3 whereas IPFire is still on Openssl-1.1.1 and there is a mismatch between these two in terms of the CA/Host certificate for OpenVPN in IPFire.
You can read about this in the following thread.
https://community.ipfire.org/t/ovpn-cert-creation-algo/7911
The solution is defined near the end of that thread from post 18 and involves adding a Legacy entry into the openssl.cnf file on your client. That post gives more details and I can confirm that it worked for me.
Openssl-3 is planned to be introduced for IPFire but recently there were several releases in a row with various security issues which required fixes or reversions so the core devs decided to wait for a while until Openssl-3 looked to be more stable from a security point of view.
The Openssl-1.1.1 series is still supported and gets any required security and bug fixes and was not affected by the issues that occurred on Openssl-3.
Hopefully the above fixes the issues you have been having with the secure version. Let us know either way.