Would have to be with a very noticable warning. Other than that, it could use TOFU like Gemini.
@Hyolobrika
It almost works like that already.
When you open a page on a server with self-signed cert, it gives you a warning, if you accept it, it adds an exception for that cert — you can see the list in preferences under Privacy & Security → Certificates → View certificates → Servers
@Hyolobrika
It also keeps the fingerprints so if you get a different cert on a later visit, it will give you a warning again.
To simplify adding an exception on the first visit you might want to consider this: http://kb.mozillazine.org/Browser.xul.error_pages.expert_bad_cert
@Hyolobrika
…with self-signed cert your first visit might already be to a forged website, making you trust this "fake" cert, but with LetsEncrypt and the website out of the state's reach (not hosted in Russia) — you're safe.