Let's Encrypt provides free, automatically renewing SSL certificates trusted by every browser. The easiest way to use it is Certbot.
1. Install Certbot
On Ubuntu with Nginx:
apt install certbot python3-certbot-nginx -y
With Apache, install python3-certbot-apache instead.
2. Request the certificate
certbot --nginx -d yourdomain.com -d www.yourdomain.com
Certbot verifies you control the domain (it must already point to this server), installs the certificate and configures HTTPS redirection for you.
3. Confirm auto-renewal
Certificates last 90 days, but Certbot installs a renewal timer automatically. Test it with:
certbot renew --dry-run
If the dry run succeeds, you never need to think about it again. Visit https://yourdomain.com and look for the padlock.