HTTP/3 with a private CA

I had a successful deployment of HTTP/3 on my main domain. Then I deployed the exact same config on a private domain (.dn42) with a self-signed certificate, and my browser wouldn't connect over HTTP/3. The config was the same, and curl --http3 worked fine.

HTTP/3 requires TLS, but that is part of the protocol and a self-signed certificate satisfies it (which is why curl was happy). It turns out that browsers also require a certificate that chains to a root in their built-in, public trust store before they will use HTTP/3. This means that with a self-signed certificate, Firefox won't connect over HTTP/3 even if you add your CA to the trust store. In fact, enrolling a non-built-in root is exactly what triggers the behaviour: Firefox disables HTTP/3 globally, for every site, as soon as it finds a third-party root in the trust store, because such roots usually belong to a TLS-intercepting proxy, and those middleboxes have a poor track record with QUIC.

The fix

For Firefox, go to the page about:config and set network.http.http3.disable_when_third_party_roots_found to false (it defaults to true, and true is what switches HTTP/3 off once a third-party root is present); then restart the browser.

For Chrome there is no preference for this; you need to pass a command-line flag listing every origin (host:port) you want forced over QUIC, for each domain …

chromium-browser --origin-to-force-quic-on=your.domain.tld:443
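To tie the checks and both fixes together, here is a small POSIX shell script written for this page (it is an added example, not code from the original post). It assumes the private CA is in ./private-ca.pem, that curl was built with HTTP/3 support (curl -V lists HTTP3; --http3-only needs curl 7.88 or newer), and that the host names passed in are placeholders for your own .dn42 names. The curl probe also checks for an alt-svc header advertising h3, since browsers only upgrade to HTTP/3 after seeing that advertisement, whereas curl --http3 goes straight to QUIC and can therefore succeed where a browser silently stays on HTTP/2.

```shell
#!/bin/sh
# Added example for the post above; not the author's code.
# Assumptions: ./private-ca.pem holds the private CA, curl has HTTP/3 support,
# host:port arguments are placeholders for your own private origins.

# 1. Does the origin really speak HTTP/3 when the chain is validated against our CA?
#    curl's %{http_version} prints "3" when the response came over HTTP/3.
http3_version() {
    # $1 = host:port, $2 = CA bundle
    curl --silent --output /dev/null --http3-only --cacert "$2" \
         --write-out '%{http_version}' "https://$1/"
}

# 2. Does the origin advertise h3 via Alt-Svc on a classic (HTTP/1.1 or HTTP/2) response?
#    Browsers need this header to upgrade; curl --http3 does not, which is why a
#    curl-only test can be misleading.
advertises_h3() {
    # $1 = host:port, $2 = CA bundle
    curl --silent --head --cacert "$2" "https://$1/" | grep -i '^alt-svc:.*h3' >/dev/null
}

# 3. Firefox: the pref defaults to true and turns HTTP/3 off globally as soon as a
#    non-built-in root is enrolled; false re-enables HTTP/3. user.js is read on startup.
firefox_userjs_line() {
    printf 'user_pref("network.http.http3.disable_when_third_party_roots_found", false);\n'
}

write_firefox_userjs() {
    # $1 = Firefox profile directory; appends so existing prefs are kept
    firefox_userjs_line >> "$1/user.js"
}

# 4. Chromium: no pref exists; QUIC is forced per origin. The flag accepts a
#    comma-separated list of host:port pairs, so one flag covers every private origin.
chromium_quic_args() {
    # $@ = host:port ...
    list=$(printf '%s,' "$@")
    printf -- '--origin-to-force-quic-on=%s' "${list%,}"
}

# Example usage (host names are placeholders):
#   http3_version  www.example.dn42:443 ./private-ca.pem   # expect "3"
#   advertises_h3  www.example.dn42:443 ./private-ca.pem && echo "alt-svc ok"
#   write_firefox_userjs "$HOME/.mozilla/firefox/xxxxxxxx.default-release"
#   chromium-browser "$(chromium_quic_args www.example.dn42:443 git.example.dn42:443)"
```

The Chromium flag only forces the transport; Chromium still has to trust the private CA through its own store (the NSS database on Linux), otherwise you will get a certificate error rather than a fallback to HTTP/2.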