pull down to refresh

Yes and no. Your computer trusts certificates because a certificate was signed by somebody you trust. Your OS/Browser comes with a list of a few that it trusts but you can add more manually - if you work in a white collar job your company likely did that.
But if you added a certificate to your browser nobody can break the encryption. Nation states might be collecting encrypted traffic in hopes of breaking it in years/decade - but that's very speculative and probably not what you asked about.
As for government dor ru: I think the issue isn't expired certificates. They just don't have https. Bad practice but there isn't an asset worth encrypting/protecting on that site.
Thanks very clear explanation!
reply