In my country, government/ISP blocks websites and changes the DNS results of 8.8.8.8 since it is not encrypted.
If ISP can create a valid certificate, that browsers trust [1], they may be able to access my Gmail or Github account.
[1] https://www.zdnet.com/article/mozilla-to-chinas-wosign-well-...