@tootie didn't say anything about the certificates being self-signed. Later this year, the new Let's Encrypt CA will make it free and easy to get certificates.[1]
Moreover, it's my understanding that the default with HTTP/2 is for connections to be secure.
Only if the appliance is serving requests, not if it's requesting. For a piece of hardware like a carwash that is running servers, the manufacture should be maintaining that software routinely anyway.
Why not? If they're going to go to all the trouble to "Internet enable" a refrigerator, surely they can include yearly certificate changes as part of their maintenance plan.
They really should, but I can't even get a cert update on my little home router, do you think a fridge maker is going to do that? Probably once it's out the door, they will pull the one programmer that writes the app and put him on then next fridge or the oven. It's very difficult to see an appliance manufacturer going back to update.
Moreover, it's my understanding that the default with HTTP/2 is for connections to be secure.
[1] https://www.eff.org/deeplinks/2014/11/certificate-authority-...