Avoiding self-signed certificates

One of the most common certificate-related mistakes developers make is to create self-signed certificates instead of proper certificates. The motive is usually either to get certificates with an apparently long lifetime, so that they do not have to be updated in the field, or to avoid the cost of creating a proper certificate. Both arguments are invalid. You can easily create valid certificates for free today.

Using self-signed certificates is a great risk in itself. Apparent security is not true security. First, you must disable security features to allow such certificates to be validated. Either you do that in code, or you install the certificate everywhere it is to be validated. Both create severe vulnerabilities. In the first case, validation that is disabled in code is often forgotten and ends up disabled in production environments. This in turn leaves the system vulnerable to MITM attacks. Installing self-signed certificates in the system can be even worse. Anyone with access to the private part of a self-signed certificate can create other certificates that have the self-signed certificate as their issuer. These will automatically validate. Whoever holds that key can then perform successful MITM attacks using DNS spoofing of well-known services, and you would not notice, since the fraudulent certificates would validate everywhere the self-signed certificate was installed.
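
One way to catch validation-disabling code before it reaches production, as an added example that is not from the original text: a small Python scanner that a build step could run over source files. The rule list, function names and sample lines are constructed for illustration, and a match is a lead for review rather than proof of a flaw.

```python
import re

# Constructs that switch off certificate validation in common client stacks.
# A hit is a lead for review, not proof of a vulnerability.
RULES = [
    ("requests verify=False", re.compile(r"\bverify\s*=\s*False\b")),
    ("ssl CERT_NONE", re.compile(r"\bCERT_NONE\b")),
    ("ssl unverified context", re.compile(r"\b_create_unverified_context\b")),
    ("Go InsecureSkipVerify", re.compile(r"\bInsecureSkipVerify\s*:\s*true\b")),
    ("Node rejectUnauthorized", re.compile(r"\brejectUnauthorized\s*:\s*false\b")),
    ("curl -k/--insecure", re.compile(r"\bcurl\b.*\s(--insecure|-k)(\s|$)")),
]

def scan(source, filename="<memory>"):
    """Return (filename, line number, rule name, stripped line) per match."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((filename, number, name, line.strip()))
    return findings

def gate(findings):
    """Exit status for a CI step: non-zero when any finding is present."""
    return 1 if findings else 0

# Constructed sample input: lines as they might appear across a code base.
SAMPLE = '''\
import requests
resp = requests.get(url, verify=False)  # TODO remove before release
ctx = ssl.create_default_context()
tr := &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}
curl -k https://device.example/api/status
const agent = new https.Agent({ rejectUnauthorized: false });
resp = requests.get(url, verify="/etc/ssl/certs/ca-bundle.crt")
'''

if __name__ == "__main__":
    results = scan(SAMPLE, "sample.txt")
    for filename, number, name, text in results:
        print(f"{filename}:{number}: {name}: {text}")
    raise SystemExit(gate(results))
```

The last sample line passes because it points validation at a CA bundle instead of turning it off.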

You can easily automate the creation of valid certificates for free, by using an ACME client, such as certbot, and a CA such as Let's Encrypt: https://letsencrypt.org/
In some cases it might be better not to use encryption at all than to use encryption based on self-signed certificates.

Also, a requirement to use TLS or DTLS does not require you to use certificates, even if that is the common use case. There are ciphers based on pre-shared keys (PSK) that you can use. In that case encryption is still established, but you lose the ability to validate certificate chains and revoke compromised keys. Even so, it is preferable to use PSK in a responsible manner than to use self-signed certificates.

Use https://www.ssllabs.com/ssltest/ to check your TLS servers and get tips on what you can do to improve their security. While you're at it, if you run Windows Servers, you can use the IIS Crypto tool to control cipher settings to improve your score: https://www.nartac.com/Products/IISCrypto.