[superkuh]

True in theory, not true in practice. It might work if all the random people on the internet used cURL to visit my websites but they tend to use browsers that are Chrome based. And Chrome's QUIC (or the underlying quiche library) differs how Chrome's H1 and H2 implement TLS. It will not accept a self-signed cert during a HTTP3 QUIC connection. Even going localhost (defeats the point, but to check) and trying --disable_certificate_verification --allow-insecure-localhost will not work.

Like I said, the megacorps that designed QUIC designed it for their use cases and that does not include allowing human people to host websites by themselves. Not if it potentially impacts e-commerce security. Their implementations reflect this.