An SSL certificte is required in order for a website to be provided over an encrypted, HTTPS channel. Although you can generate your own SSL certificate for free, most web browsers will display warnings about the resulting certificate not being signed by a recognized certificate authority (CA). Not all people who want to have a secure, HTTPS website necessarily need everything that comes with a paid SSL certificate from a well known CA. They just want to be able to add HTTPS to their website without having their customers prompted about the certificate being used.
This website will soon contain more information on generating and using SSL certificates, but for now, I'd like to just include a link to a CA which most common browsers recognize, and which provides free SSL certificates. The website is LetsEncrypt.org.