60 means no CA can validate the provided certificate.
The self-signed certificate we would generate would be no better.
60 means the frontend could serve some certificate, whatever its content,
which means the domain is minimally functional. So do not bother pushing
a self-signed certifiate, and do not signal a failure to the caller.