The software is used by 1000s of students and gamedevs. Each one needs a cert
Users and devs need zero network configuration. Currently files are served from http://<ipaddress-of-local-pc>/18679. The software/library registers itself with happyfuntimes.net. As long as users are on the same WiFi (behind NAT) they'll then players can get out their phone, go to happyfuntimes.net and they'll be redirected to http://<ipaddress-of-local-pc>/18679 since the redirection server running at happyfuntimes.net can see a matching public IP address for both the system run on the local pc and all the players using their smartphones.
Now, those users/devs need a cert so they can serve HTTPS. Hence the need for lots of certs.
All of these issues were gone over in this thread which ended with realizing I need way more certs than 20 a week.
You will basically require internet connectivity for people to use your system. Is that wanted?
Yes and no. Sometimes yes. See example above. Sometimes no (see museum example in other thread). In the no case though the user/dev can connect on internet to get a cert and a domain name. Then can then run the system in "no internet" mode and use that cert for ~90 days.
Using self-signed certs is a NON-STARTER. Users are not devs. They will not put up with warnings and will not click the tiny "advance options" -> "really go to untrusted sight" fine print. Remember these users are parents and kids in museums not devs. There is no one there to hand hold them through the process.
Also the many of the devs themselves are art students not techies so any solution that requires manually generating certs and configuring OSes is out as well.
Someone in that thread linked above suggested trying to get my domain added to the PSL. I'm not sure if that's possible and even if it is if it will work.