Using a self-signed certificate

SSL or TLS today (but no one still calls it that) is built on the chain of trust, you have a CA (cert authority), an intermediate certificate and the end entity certificate. Each guarantees that the other one is valid, and that the end entity is indeed belonging to who you think it belong to. With self signed certificates you have no way of checking of who you're talking to and you have no way of knowing some bad actor didn't intercept your traffic with your self signed certificate and swapped it with their own self signed certificate, since if you are expecting a self signed certificate it will seem all the same to you.

Despite it still being encrypted and safe, SSL was built on the principle of the chain of trust, and everything expects that chain to exist. With how cheap or even free (Cloudflare origin certificates, Let's Encrypt) certificates are today, there really is no reason not to use them.

/r/networkingmemes Thread Parent Link - i.redd.it