I’m a big fan of @letsencrypt for SSL certificates! As of iOS 12.2 (out now), if your website isn’t HTTPS then its domain name is very visibly prefixed with “Not Secure” in Safari’s address bar. That’s going to make your visitors nervous. Chrome etc on desktop computers, I understand, are doing the same thing now/soon. It’s time.