The easiest way to deal with self-signed certificates is to expect exactly this certificate. This can be done with the SSL_fingerprint argument of IO::Socket::SSL which you can set using ssl_opts in LWP. With this argument all other checks (subject matches hostname, expiration...) are disabled.
You need at least IO::Socket::SSL version 1.980 for this (released 04/2014). See the documentation of SSL_fingerprint for details but in short:
To get the current fingerprint analyze the servers certificate or get the fingerprint from a trusted location with:
use IO::Socket::SSL;
my $cl = IO::Socket::SSL->new(
PeerAddr => "ip:port",
SSL_verify_mode => 0
);
print $cl->get_fingerprint."\n"; # sha256$b64d26746ca1cd5403....
And to use it:
my $ua = LWP::UserAgent->new...
$ua->ssl_opts(SSL_fingerprint => 'sha256$b64...');