0 votes

We faced the exception below while trying to read a secret from Azure Key Vault from a Service Fabric application.

The application uses a client certificate to authenticate with AAD and access the Key Vault to fetch the secret.

This issue is occurring intermittently.

Is there a way we could identify the root cause so that the same error can be prevented from recurring?

Message: AADSTS70002: Error validating credentials. AADSTS50012: Client assertion is not within its valid time range. 
Trace ID: 333ee9c1-c74f-432d-824a-000f38a0e400 
Correlation ID: 35b5cadf-c538-4f75-b1fb-56c4743088f4 
Timestamp: 2018-10-24 06:23:30Z

......

1
Any progress now? If you still have any problem, please feel free to let me know. Joey Cai

1 Answer

0 votes

Client assertion is not within its valid time range.

Judging from your error message and the fact that your issue occurs intermittently, I think it may be your token's regional time that causes the problem. The regional time may have some interval from your token's valid time.

So I suggest that you use DateTime.UtcNow as the standard for setting your token's start time and end time. Here is a code sample you could refer to.

using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;

private static string GetClientAssertionToken(string tenantId, string clientId)
{
    // Certificate whose public key is registered on the AAD application (path and password are placeholders)
    X509Certificate2 cert = new X509Certificate2(@"D:\Joey\Documents\joey.pfx", "password", X509KeyStorageFlags.MachineKeySet);

    // Always use UTC: nbf/exp are Unix timestamps, so a regional DateTime.Now would shift the window by the UTC offset
    var now = DateTime.UtcNow;
    var tokenHandler = new JwtSecurityTokenHandler();
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Audience = $"https://login.microsoftonline.com/{tenantId}/oauth2/token",
        Issuer = clientId,
        // The window must contain the moment AAD validates the assertion: start slightly in the past
        // to absorb clock skew, and keep the lifetime short
        NotBefore = now.AddMinutes(-5),
        Expires = now.AddMinutes(10),
        Subject = new ClaimsIdentity(new[] {
            new Claim("sub", clientId),
            new Claim("jti", Guid.NewGuid().ToString())   // unique token ID, required by AAD
        }),
        SigningCredentials = new X509SigningCredentials(cert)   // RS256; adds the x5t header from the certificate thumbprint
    };
    SecurityToken token = tokenHandler.CreateToken(tokenDescriptor);
    return tokenHandler.WriteToken(token);
}

For more details, you could refer to this article.
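To find out which side's clock is wrong when AADSTS50012 appears intermittently, it helps to decode the assertion the application actually sent and compare its nbf/exp claims with the time the token service saw (the Timestamp in the error). The script below is an added diagnostic, not code from the question or the answer: it builds constructed, unsigned assertions (placeholder signature, placeholder client and tenant IDs) so it runs offline, decodes the claims without verifying the signature, and classifies the assertion against a given server time. The 300-second skew tolerance is an assumption, not a value stated on the page. Alongside the correct case it reproduces the two failure modes the thread is about: a NotBefore set an hour in the future, and a regional wall-clock time used as if it were UTC.

```python
# Added diagnostic, not part of the original Q&A: decode a client assertion JWT
# and check its nbf/exp window against the time the token service sees.
import base64
import json
import time

# Assumption: the token service tolerates this much clock skew (seconds).
# The real AAD tolerance is not stated on the page; 300 s is a common default.
SKEW_SECONDS = 300


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_unsigned_assertion(client_id: str, tenant_id: str, nbf: int, exp: int) -> str:
    """Constructed client-assertion JWT with a placeholder signature.
    Only the claims matter for this diagnostic; AAD would reject the signature."""
    header = {"alg": "RS256", "typ": "JWT", "x5t": "placeholder-thumbprint"}
    payload = {
        "aud": f"https://login.microsoftonline.com/{tenant_id}/oauth2/token",
        "iss": client_id,
        "sub": client_id,
        "jti": "00000000-0000-0000-0000-000000000000",  # placeholder unique ID
        "nbf": nbf,
        "exp": exp,
    }
    parts = [_b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    return ".".join(parts + [_b64url_encode(b"not-a-real-signature")])


def decode_claims(assertion: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature.
    Diagnostic only: never trust claims decoded this way for authorization."""
    try:
        _header, payload, _signature = assertion.split(".")
    except ValueError as exc:
        raise ValueError("assertion is not a three-part JWT") from exc
    return json.loads(_b64url_decode(payload))


def check_time_window(claims: dict, server_now: int, skew: int = SKEW_SECONDS) -> dict:
    """Classify an assertion against the server clock as ok, not_yet_valid,
    expired or missing_claims. Deltas are seconds relative to server_now."""
    nbf, exp = claims.get("nbf"), claims.get("exp")
    if not isinstance(nbf, int) or not isinstance(exp, int):
        return {"status": "missing_claims", "nbf_delta": None, "exp_delta": None}
    result = {"nbf_delta": nbf - server_now, "exp_delta": exp - server_now}
    if nbf - skew > server_now:
        result["status"] = "not_yet_valid"   # nbf lies in the server's future
    elif exp + skew < server_now:
        result["status"] = "expired"         # exp lies in the server's past
    else:
        result["status"] = "ok"
    return result


def local_clock_as_if_utc(utc_now: int, utc_offset_hours: int) -> int:
    """Reproduce the mistake of taking a regional wall-clock time (DateTime.Now)
    and converting it as though it were UTC: the epoch value shifts by the offset."""
    return utc_now + utc_offset_hours * 3600


def diagnose(assertion: str, server_now: int) -> str:
    return check_time_window(decode_claims(assertion), server_now)["status"]


if __name__ == "__main__":
    client, tenant = "00000000-0000-0000-0000-0000000000aa", "contoso.onmicrosoft.com"
    now = int(time.time())
    good = build_unsigned_assertion(client, tenant, now - 60, now + 600)
    # The bug in the posted sample: NotBefore = now.AddHours(1)
    future_nbf = build_unsigned_assertion(client, tenant, now + 3600, now + 3 * 3600)
    # A UTC+8 regional clock used as if it were UTC
    shifted = local_clock_as_if_utc(now, 8)
    regional = build_unsigned_assertion(client, tenant, shifted, shifted + 600)
    for name, assertion in (("good", good), ("future_nbf", future_nbf), ("regional", regional)):
        print(name, check_time_window(decode_claims(assertion), now))
```

Run it against an assertion captured from the failing application, with server_now set to the Timestamp from the AADSTS response, and the nbf_delta/exp_delta values tell you directly whether the window is shifted by a fixed offset (a local-time conversion), sits entirely in the future (a NotBefore bug), or is simply too short for the node's clock drift.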