The pfSense forums https://forum.pfsense.org have several posts on ULAs and I have tried about everything they have suggested but the problems they encountered keep biting me too. The best suggestion was from one of the staff folks that suggested abandoning the ISP's flaky IPv6 and getting a stable and usable tunnel from HE and using that.
My ISP, Cox Cable, seems to have gotten the PD (Prefix Delegation) sorted out well enough that I haven't had to go that route. I will be adding a cron script to watch for PD changes and update the Pis if that does happen. See the first post here: Use IPv6 ULA addresses for Pi-hole
The suggestion later by spacemonkey did not work out for me.