I agree there are things that would have to be worked out, to prevent opening new exploitable holes. How about we just add some ability to the browser to remember the site (fingerprint it somehow, perhaps) so that the security policy only has to be agreed to once. Kinda sorta similar to SSH remembering known hosts. Once I've told Chrome that my Unifi Dream Router is okay, or my Iotawatt, or Home Assistant, etc ... it should stop making me jump through hoops every time until something changes. And I don't ever want it to flat out tell me no, I cannot reach something on my home network with a low quality SSL implementation unless I blindly type "thisisunsafe" into the security window.

It's a pet peeve of mine, as you may have noticed. I have a lot of little random devices on my home network and many of them have no way (or no simple way, at least) of protecting with a real SSL certificate. Sometimes I'll go through the trouble of using nginx as a reverse proxy to hide the insecurity, but that isn't always easy to get working either.