Actually, it's free to set up HTTPS if you use letsencrypt.org. It takes roughly an hour of research to get it working, give or take depending on your current server setup. There are only a couple of gotchas: one, you have to make a certificate signing request file, .csr, which is easier on Linux than Windows. IIRC you can do it with Docker on a Windows machine. The second catch is, there are actually two files you have to put on your webserver, one is the private key, but the other is some "security key history" file that says where the security key came from. I can't for the life of me remember how that was setup, but it gave me some ugly unexplained "not secure" error in Chrome until some furious Googling surfaced the issue.
Oh, and the third catch is, try to make the links embedded in your site use https, since an http frame embedded in an https frame isn't secure by virtue of the parent frame. Anyway, if you take the dive, expect a few headaches and unexplained "this page is not secure" experiences before you hammer out the bugs. But it's doable in a single weekend for free, and you get a nice professional looking https bar as a bonus.
Also, some managed cloud services can turn on https for you with the push of a button, so it could be worth digging around in your settings if you're using a high level CMS / cloud host.