[lxgr]

Huh, I never knew, I've been using QUIC on my Raspberry Pi's web server for years... Did I unknowingly go corporate!?

Even if you don't want to get a Letsencrypt certificate, you can always use a self-signed one and configure your clients to trust it on first use or entirely ignore it.

SSH also uses "mandatory host keys", if you think about it. It's really not a question of the protocols but rather of common client libraries and tooling.