HTTPS is becoming increasingly important for every website out there on the internet and even on intranet sites. As HTTPS prevents eavesdropping and MiTM attacks. All major browsers discourage visiting HTTP-only websites and there are multiple initiatives to issue TLS/SSL certificates needed for HTTPS to as many websites as possible..... except to websites based in US-sanctioned countries.
The prime example of excluded from the secure internet due to US sanctions is the DPRK. While the China-based DPRK website Uriminzokkiri has a valid TLS/SSL certificate, all DPRK-based websites such as Naenara, KCNA, Voice of Korea and Rodong Sinmun do not have access to any kind of TLS/SSL certificate.
What do we do? Try to take action via our US-based comrades? Try to start our own CA?
Websites in the DPRK's intranet have access to SSL certificates. Their root CA for all websites within the DPRK is the Pyongyang University of Science and Technology if I'm not mistaken. They also issue certs for their own websites on the internet.
The next step, in this situation, is pushing for certificates from sanctioned countries to be included into free software web browsers. I'd even argue that forking Firefox just to do this is justified, though supporting an up-to-date fork is no easy task, even for small changes like changing the default cert store.