In the doc it says:
" It’s possible to set up your own domain name that happens to resolve to
127.0.0.1 , and get a certificate for it using the DNS challenge. However, this is generally a bad idea and there are better options."
Why is it a bad idea? And why would the other options like self-signed be better?