Today I noticed that some of our Central-managed APs have been shown as offline since March, but they are up and running.
I did a packet capture on the XG and found some syslogs reported by the particular APs. The date and time are totally wrong.
Due to the time issue, the SSL connection is probably not successful because cert validity fails.
So now I need someone on site to power-cycle the devices...
We found the issue - NTP to the cloud NTP servers was failing due to missing masquerading on the firewall for the source network of the APs.
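
One way to spot this condition from the firewall side, as an added example that is not part of the original posts: compare the timestamp each AP puts in its syslog header with the time the packet was captured, and check whether the AP's own clock falls inside a certificate validity window. The RFC 5424-style log format, host names, addresses and the validity window are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: (time the firewall captured the packet, source IP, payload).
# RFC 5424-style timestamps, host names and addresses are assumptions.
CAPTURED = [
    ("2023-06-12T09:15:02+00:00", "10.20.0.11",
     "<134>1 2023-06-12T09:15:01Z ap-01 sys - - - heartbeat ok"),
    ("2023-06-12T09:15:04+00:00", "10.20.0.12",
     "<134>1 2015-01-01T00:41:17Z ap-02 sys - - - cloud connect failed"),
    ("2023-06-12T09:15:09+00:00", "10.20.0.13",
     "<134>1 2023-06-12T09:12:40Z ap-03 sys - - - heartbeat ok"),
    ("2023-06-12T09:15:10+00:00", "10.20.0.14", "not a syslog line"),
]
# Constructed validity window standing in for the cloud service's certificate.
NOT_BEFORE = datetime.fromisoformat("2022-01-01T00:00:00+00:00")
NOT_AFTER = datetime.fromisoformat("2024-01-01T00:00:00+00:00")

HEADER = re.compile(r"^<\d{1,3}>1 (\S+) (\S+) ")

def parse_header(line):
    """Return (device_time, hostname), or None if the header is unparseable."""
    m = HEADER.match(line)
    if not m:
        return None
    try:
        return datetime.fromisoformat(m.group(1).replace("Z", "+00:00")), m.group(2)
    except ValueError:
        return None

def audit(records, max_skew=timedelta(minutes=5)):
    """Flag devices whose own clock is skewed or outside the cert window."""
    findings = []
    for seen_at, src, line in records:
        parsed = parse_header(line)
        if parsed is None:
            continue
        device_time, host = parsed
        skew = device_time - datetime.fromisoformat(seen_at)
        cert_valid = NOT_BEFORE <= device_time <= NOT_AFTER
        if abs(skew) > max_skew or not cert_valid:
            findings.append({"host": host, "src": src, "skew": skew,
                             "cert_valid_on_device_clock": cert_valid})
    return findings

if __name__ == "__main__":
    for f in audit(CAPTURED):
        print(f"{f['host']} ({f['src']}): clock off by {f['skew']}, "
              f"cert valid on its clock: {f['cert_valid_on_device_clock']}")
```

A device flagged here with a clock before the window's start will reject an otherwise valid certificate as not yet valid, which matches the symptom of APs that are reachable but never complete their cloud connection.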