Yes, it’s reasonably likely that the users are being faced with deliberate interference from their network operators. 
One possibility would be to ask them to save the certificates in their browsers. If you want to practice what the user interface looks like in different browsers, you can visit
They have some deliberately misconfigured and invalid certificates, which can simulate the behavior that a user would encounter either when visiting a misconfigured site or when under attack by a network that tries to stop or intercept access to a particular site. You can then see what steps to take in your browser in order to download the certificate.
If the users experiencing the problem follow similar steps, they could share the exact certificate data with you or with another forum, which would then make it straightforward to confirm that the problem is being caused intentionally by a network operator.