
Nothing prevents you from using a self signed cert.

It adds security for local deployments as well because you either trust the local CA or your browser tells you that someone has owned your network.



> Nothing prevents you from using a self signed cert.

With the various web browsers continuing to disallow or blare warnings about "SELF SIGNED CERT", this is not true. There's a lot of _current issues_ trying to access a self signed HTTPS site using mainstream browsers because they know better than you do.


That is just an implementation detail. It's trivial to create your own local CA, put it into the trust store of your device, use a cert signed by it and be done with it.


I've been using self-signed certs on my websites for 20 years. Part of the problem is that the HTTP/3 implementations do not allow the use of self signed certs. CA based only.


That is just an implementation detail. It's trivial to create your own local CA, put it into the trust store of your device, use a cert signed by it and be done with it.
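
The local-CA workflow described in the comment above, as an added example that is not part of any post in this thread: it creates a private root CA, issues a server certificate from it, and checks it against a plain self-signed certificate using `openssl verify`. The file names, the CA subject name and the host name passed in are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. File names, subject names and the host name are constructed.

# Create a root CA key and certificate in directory $1.
make_local_ca() {
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Local Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -sha256 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue a server certificate for host $2, signed by the CA in $1.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=$2" -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  # Browsers match the host name against subjectAltName, not the CN.
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' \
    "$2" > "$1/leaf.ext"
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 90 -sha256 -extfile "$1/leaf.ext" \
    -out "$1/leaf.crt" 2>/dev/null
}

# For contrast: a self-signed certificate for host $2, no local CA involved.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 -sha256 \
    -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/self.key" -out "$1/self.crt" 2>/dev/null
}

# Succeeds only if cert $2 chains to the CA in $1 and is valid for host $3.
trusted_by_local_ca() {
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$2" >/dev/null 2>&1
}
```

Only `ca.crt` is imported into a device's trust store; `ca.key` can sign a certificate for any host name those devices will accept, so it stays off the server and off shared machines.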


And that's fine if it's only you and some friends using it. But if I want a random person on the other side of the world to be able to search for $topic and load my website it's not gonna work.

For the last decade or so I've gotten about 1k hits per day on my self-signed HTTP+HTTPS site. Random people will click past the scare tactics of modern browsers re: self signed if the topic is already technical and the demographic understands browsers are stupid. But all these people would be unable to visit under HTTP/2 or HTTP/3 only.



