Sure, but if they're hosting it on their own site then who's to know it hasn't been modified by them for some reason?

ie it's no longer a "source of truth"

Post the checksum J/K. Court should maybe GPG sign it though.. something like that. So we can verify the creator of any particular document.

Who is this for though? Your average user would not be able to use it or understand the purpose of it. A big image of a padlock with a tick saying “SECURE AND VERIFIED” would be just as effective.

Have to start somewhere. Especially in this age of AI where everything can be faked. Put a "learn more" link that says how they can verify the authenticity. If people aren't interested in learning, that's on them. A padlock doesn't tell you anything. The padlock next the URL just says the connection is encrypted. You used to be able to pay $200 and the cert authority would make you send documents proving you are who you say you are, and it'd show your company name next to the address bar. I went through the process once. It was a good idea IMO, not sure why we got rid of it. Maybe shiesty authorities that weren't doing their due diligence.

The average user doesn't understand TLS but they use it. The average user doesn't understand TCP but they still use it. That doesn't sound like a problem to me. Having signed documents isn't a bad thing.