I think you hit this error "Invalid token. Please try again" is because somewhere might cache the token value from the login form.

For example, If I access your site, somewhere cached this token from the login form but you still can manage to login because the token is matched. But if someone accesses your site from other places, your server loads the cached HTML content on the page ( mean the cached token will be rendered to the login form) so when this user tries to log in, he will hit the invalid token.

Even the Joomla login form or Easysocial login form also has the same issue, you can check my attached screenshot below but this might be difficult to reproduce the issue sometimes.

The reason why Joomla or we need to add those tokens into the login form is that those tokens have to prevent these CSRF attacks, you can read more this following reference link: https://docs.joomla.org/How_to_add_CSRF_anti-spoofing_to_forms

Perhaps you can consult with the JCH Optimize plugin developer and see whether they have encountered this kind of issue before?

Or don't know is it possible to exclude do not cache certain modules or do not cache the specific HTML hidden input? e.g. https://monosnap.com/file/zkGiQx9OwqsvkIua7bkM9mg43SEd2a