According to the twitter thread, the certificate is generated and used locally on your computer, not remotely on the NordVPN servers. If this is confirmed it doesn't sound too bad, but if the NordVPN software is closed source it's still suspicious.
Don't use NordVPN<p><a href="https://www.privacyguides.org/tools/#vpn-providers" rel="nofollow">https://www.privacyguides.org/tools/#vpn-providers</a>