As a side note: you not technically need a domain or a let's encrypt certificate to enable https. As a test you can create your own certificate, and use that for https (snake-oil certificate).
This is not appropriate for longer-term usage. If you want to run websites on the Internet long-term, you should buy a domain and get a lets-encrypt certificate.
A government could create a new certificate for any domain without having ownership of the domain or permission of the owner. This way they can perform Man-in-the-middle attacks.
In such an attack someone intercepts the traffic of a client and presents their own certificate.
Because a government can create a universally accepted certificate, thise would be accepted as valid. The traffic can then be decrypted and forwarded to the real website. The attacker is now between the client and the real host (the Man in the middle) and can view the unencrypted traffic.
There are also the colored circles 🔴,⭕ and 🟢. The worst part for me is that while the emojis are technically one char in code, they are usually displayed with a 2-char-width.