Not in current practice. That is why you have to get a certificate from a trusted CA. If your CA isn't in the browser's cert database they will reject the connection even on the first time. If browsers allowed TOFU we would still be able to use self-issued certificates, without manually distributing certs to anyone that uses your service.

SSH is an example of TOFU.

> we would still be able to use self-issued certificates

You still can... it just displays a warning message on first use, as does ssh.