SSH and TLS use two totally different trust models. With SSH, you deliberately accept an insecure first connection, but then rely on key continuity so that subsequent connections won't be any less secure than the first. This happens automatically; users don't have to think about it.

TLS has no key continuity. Browsers talk to tens of thousands of different sites. TLS doesn't work unless you can verify public key signatures all the way back to a trusted root.

Yes, you can manually manage certificates, but you can just as easily add the CACert root to your certificate manager and use TLS the way it's meant to be used. Which, fine, do that. But for the other 99.999% of your users, CACert is no better than a self-signed cert.

So CACert in principle is fine, and better than a self signed. It's just that most (windows) people don't have the CACert root cert installed.

I think many of the linux distributions (notably not including redhat) include the CACert root cert.

You use this word "better" like it means something. If all your users use Linux, you're fine. Otherwise, you need a real cert.