Here’s an example of MITM by interception of automated certificate renewal downstream of a VPS hosted at Hetzner. The presumption is that it was a lawful intercept installed within Hetzner or one of their internet providers. https://news.ycombinator.com/item?id=37955264