When you setup your website to use HTTPS, you’d need to either create a self-signed certificate, or purchase a certificate from a Certificate Authority such as VeriSign.
In the past, many have opted to use self-signed certificates, as Certificate Authorities generally charge fees to issue certificates.
Self-signed certificates however is not an ideal solution as it would either require every client devices to have the certificate installed, or introduces a security vulnerability where you have to ask your end-users to trust the self-signed certificates.
Fortunately, there is now a better solution, provided free-of-charge, by a non-profit Internet Security Research Group called Let’s Encrypt.
Let’s Encrypt is a Certificate Authority (CA) that offers free SSL certificates. It also comes with a fully-automated mechanism to issue and renew certificates (on Windows and Linux), so you don’t even have to manually renew expired certificates.
Have a look here for more details: