SSL certificates are basically required for all modern web sites. The problem is that (1) they cost money, and (2) you have to renew them every year or so. It gets to be a real pain, especially if you manage multiple sites.
There is an alternative-- create a (free) self-signed certificate, and give it an expiration of 99 years, but anyone who visits your site will see a huge warning message that it is unsafe.
The solution: Let's Encrypt.