by emi2k01 960 days ago
Have you tried DNS over HTTPS?

If you haven't and you're on Firefox, go to `about:preferences#privacy`, then scroll to the bottom and you should be able to activate it there.


Looked into it a bit more, I don't think DNS is the issue. The request goes to the correct IP address, and then my ISP does the MITM attack based on the IP address. So, instead of getting justine.lol's SSL certificate, I get a certificate instead for *.safezone.mcafee.com. Firefox correctly flags this as a bad SSL cert, and I don't want to accept the bad cert, so I basically just don't have internet access to these websites using my ISP.
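Added example, not code from the thread or from justine.lol: it reproduces the hostname check that makes Firefox reject a *.safezone.mcafee.com certificate presented for justine.lol, and fetches the SHA-256 fingerprint of whatever leaf certificate a network path actually hands back so the value can be compared against the one seen from another network. Function names, the sample certificate dict and the `probe` defaults are my own assumptions.

```python
import hashlib
import socket
import ssl

def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' may only be the whole leftmost label and
    covers one label, so *.safezone.mcafee.com never covers justine.lol."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if "*" in pattern:
        if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
            return False  # partial or non-leftmost wildcards are rejected
        if len(p_labels) < 3:
            return False  # refuse wildcards over a bare TLD such as *.com
    return all(p == "*" or p == h for p, h in zip(p_labels, h_labels))

def cert_names(cert: dict) -> list:
    """DNS names from a getpeercert()-style dict: SAN entries, else the CN."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names

def classify(cert: dict, hostname: str) -> str:
    """'ok' when a certificate name covers hostname, else 'mismatch:<names>'."""
    names = cert_names(cert)
    if any(name_matches(n, hostname) for n in names):
        return "ok"
    return "mismatch:" + ",".join(names)

def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER certificate, the value a browser shows as the fingerprint."""
    return hashlib.sha256(der).hexdigest()

def presented_fingerprint(hostname: str, port: int = 443, timeout: float = 5.0) -> str:
    """Fetch whatever leaf certificate the path hands back, with verification
    deliberately off so an interceptor's cert is inspected rather than rejected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return fingerprint(tls.getpeercert(binary_form=True))

# Constructed sample shaped like the interposed certificate described above.
INTERCEPTOR_CERT = {"subject": ((("commonName", "*.safezone.mcafee.com"),),),
                    "subjectAltName": (("DNS", "*.safezone.mcafee.com"),)}
```

A fingerprint from `presented_fingerprint("justine.lol")` that differs from the one obtained through another network or VPN means something on the path is substituting certificates, which is exactly what the browser warning is reporting.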

Author here. I use MbedTLS to serve justine.lol using Let's Encrypt and TLS v2 with a permissive policy regarding older (but not yet obsolete) crypto formats and protocol versions (because I like supporting old browsers and old operating systems). If there's a weakness in the way I'm doing it, then I want to know about it. It might be possible that your client accepts older weaker SSL varieties and the MiTM is using that somehow as an attack vector. If so, you can try changing your browser settings. It might also be time for me to consider trading away some compatibility by forcing clients to use stronger security. Let me know what you learn! My email is in the blog post.

It's not your fault, it's my shitty ISP. I was able to access the article after discovering a setting to disable it in my modem/router. Thank you for sharing your work!

The Internet Archive can serve as a proxy, in a pinch.