Do not show insecure warning when visiting HTTPS onion website

There are many reasons for example I need a ssl certificate for an hidden service to be able to send push notifications (https://developer.mozilla.org/en-US/docs/Web/API/notification 9). as simple as that. It is technically easy to do, although unsupported.

why doesn’t tor browser itself insert it’s own CA (name constrained locked to .onion domains) and automatically write certificate to onion domain with matching public key?

https://community.letsencrypt.org/t/letsencrypt-for-onion/10045