IPv6 validation impossible due to network unreachable

Hi @mirion,

The certificate authority can't tell that the person requesting a certificate at a particular moment is the same person who controls the domain name, except on the basis of what the DNS system says about the domain name.

I'm not sure that this represents a definitive summary of the view of the people running the server side, but I've tried to summarize this concern at

My suggestion is that allowing people requesting certificates to override what the DNS says about how control of the domain should be validated is opening the door to new attacks, if the attackers can control one kind of network route but not another.

I would suggest further attempts to persuade the ISP, or registering your own domain name so that you're not reliant on the ISP's DNS management.
