I am running R82 on my Check Point firewall. I want to download a hotfix via CPUSE, but this warning appears at the top of the WebUI and "Check for Updates" is not working. I am sure that my gateway has an internet connection, but my gateway can't resolve domain names when pinging, e.g. ping yahoo.com, and I also can't ping checkpoint.com. But I can ping 8.8.8.8. Has anyone experienced the same issue?
Hello,
I have the same problem with updates via CPUSE.
I planned to upgrade from R81.20 take 113 to R82 take 60 today.
I got the error mentioned in this post. There are no problems with DNS.
The log /opt/CPInstLog/DeploymentAgent.log shows that the problems started on 01/03/2026.
I think this problem is somehow related to sk184766.
I have the same issue on R81.20 and have a ticket open with TAC.
R&D have responded that there is a new Deployment Agent due at the weekend for this issue.
There has been no mention thus far that this is anything to do with the R82 CRL issue.
Hi,
I haven't applied any hotfix regarding this, and today everything is working as intended. No issues with CPUSE either.
The CP service health degradation in the Middle East may have had an impact.
Hi,
I'm glad for you. Could you check if Deployment Agent [DA] has been updated at this time?
As sk92449 wrote yesterday, a new version 2742 has been released.
I still have the problem.
I have Deployment Agent version: Build 2672
Latest recommended. There is no newer version release or recommended.
sk92449 - Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent
I applied the appropriate HF to all our CP Devices. All our 3920's now show the: Failed to receive updates from Check Point Download Center. Please verify a valid license is configured as well as Proxy, DNS and routing.
Connection Error, FDT - Unexpected error code.
Current DA is 2672. I see SK92440 lists the 2742 but provides no link to manually download to apply. So how is DA going to update if the CP devices are showing this error about not being able to connect to the CP Cloud download site? I ran the curl_cli command, which still reports the cert validation error:
ERR_lib_error_string: SSL routines
ERR_func_error_string: tls_process_server_certificate
ERR_reason_error_string: certificate verify failed
ERR_error_string: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
* SSL certificate problem: unable to get local issuer certificate
Does this also mean that the other updates from their cloud (IPS, AV, Dynamic Obj etc) are not getting updates????
I entered a TAC case on this to get an official answer.
I have the same problem with SMS when I try to update the firmware from R82 T39 to Take 60. Although it can resolve checkpoint.com and other addresses, the gateways in the same places with the same DNS configurations and internet connection can access and download updates without any problems.
I also had update alarms in many different places. The gateways could not reach the update servers to update the blades' engines, such as threat prevention and antivirus and so on. This issue has been resolved, but CPUSE still persists.
Hello, my problem on my gateway has been resolved. What I did was upgrade to JHF T60 and the CRL fix. I am not sure if the fix resolved the issue, though; it did not resolve immediately after the fix was installed. You may try installing the fix from sk184766 - Certificate and CRL validation fails from March 1, 2026. I think your issue with the blades has something to do with it.
My Corp GWs are 9200's, Management and SmartEvent servers are virtual -- all are R82 JHF 73 with Check_Point_R82_JHF_T73_TIME_FIX_MAIN_MAIN_Bundle_T2_FULL. The DA on them are 2672. None show the error. Our 3920's are at remote sites running R82.10 464 - which were upgraded from GA1 (272). They all have Check_Point_R82_10_ga_time_fix_main_Bundle_aarch64_T9_FULL.tgz applied which passed verification. They all are DA 2672 as well but the 3920's now report the error.
I read in this thread that originally, if the 3900 was an upgrade from GA1 to GA2, you needed to do a fresh install. That just was not a viable option. So I waited for this HF to be released that was targeted for GA1 - GA2 upgraded devices. CP TAC should be able to provide an insight. I'll update this thread when they provide the answer.
Were you able to receive an answer? We have the exact same problem.
The new DA agent was supposed to be ready this weekend. But when I looked, it was still not available. TAC confirmed "... The DA looks as if it is not quite finished as of yet. "
I opened an SR and they provided the new 2742 DA in the SR. I applied it and the CPUSE issue is now fixed. The DA is version-specific (they told me mine would only work for R82) so get it from support.
I'm experiencing the same issue on R82. Despite having Take 60 + CRL hotfix installed, "Check Update" still fails in Gaia. I'm getting the same error as before the fix: "Connection Error, FDT - Unexpected error code"
I have had a TAC case open. All our remote 3920's R82.10 GA2 (bld 464) that were upgrades from GA1 (272) have the same message, TAC reply today below. Apparently will not provide the DA upgrade directly:
The CRL hotfix did not cause the issue. The Hotfix prevented the Gateways and Management server from potential outages because of the CRL issue. The CRL issue also affected the Deployment Agent as well.
We do not like to apply updates without proper testing, as a result, we decided on rolling out the updates to the DA. I apologize for the inconvenience this may have caused.
The issue has been resolved in the newly released Deployment Agent 2742. It is now available for download. I updated the Deployment Agent to 2742, and the issue does not appear again. I can also now check for updates, and it is now connecting to the checkpoint cloud.