When a website is running on HTTP, you should not enter any sensitive information on it (for example, passwords or credit card details), because it could be stolen by attackers. Secondly, Google will rank your website as less relevant in search results.
So it is a no-brainer: you should upgrade your website to HTTPS so that the connection between your computer and the website is encrypted.
To have your website running on HTTPS you need to get an SSL certificate. SSL certificates are small data files that digitally bind a cryptographic key to an organization’s details. You can implement this (1) for free, (2) cheaply or (3) really well.
SSL certificates normally have to be bought; after a validation process you receive the certificate, which you can then import on your website.
Common vendors of SSL certificates base the price on the amount of validation that is done and the guarantees that are given.
Recently a supplier of free SSL certificates has appeared: Let’s Encrypt. Its certificates are secure enough for the browser to identify your site as secure, and furthermore safe enough to do online transactions. If you manage the server yourself (for example over SSH) and have some IT knowledge, you can do it for free. https://letsencrypt.org/how-it-works/
A lot of hosting providers include the Let’s Encrypt certificates for you and charge you a few euros per month for this service.
For example, my provider Vevida has it included in its hosting packages. https://vevida.com/webhosting/veilige-hosting/
So why are companies like Comodo and GoDaddy still selling certificates when you can get them for free? Well, the amount of security provided by Let’s Encrypt is quite OK for simple B2C interactions, but it is made for just one domain, and many companies require more security, for example Extended Validation (giving a green bar in the browser), in which the authenticity of your company as a legal entity and of your website is verified.
For photographers who sell a print once in a while, however, Let’s Encrypt is sufficient.
When the SSL certificate is implemented and your site still says it is not secure, you probably have an HTTP deeplink somewhere on your page.
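One way to track down such leftover HTTP references is to scan the page's HTML, shown here as an added example (not code from this article; `find_mixed_content`, `MixedContentFinder` and the sample page are made up for illustration). It goes a little further than the sentence above by separating resources the browser actually loads over `http://` (images, scripts, stylesheets, CSS backgrounds), which cause the warning, from ordinary clickable links, which do not.

```python
import re
from html.parser import HTMLParser
# Attributes that make the browser fetch a subresource. A plain
# <a href="http://..."> is navigation only and is deliberately not listed.
FETCHING_ATTRS = {
    "img": ("src", "srcset"), "source": ("src", "srcset"), "script": ("src",),
    "iframe": ("src",), "audio": ("src",), "video": ("src", "poster"),
    "embed": ("src",), "object": ("data",), "link": ("href",),
}
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.I)

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False  # findings: (line, tag, attr, url)

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        rel = (dict(attrs).get("rel") or "").lower()
        if tag == "link" and "stylesheet" not in rel and "icon" not in rel:
            return  # e.g. rel="canonical" is never fetched
        for name, value in attrs:
            if value and name in FETCHING_ATTRS.get(tag, ()):
                # srcset is a comma-separated list of "url descriptor" pairs
                for cand in value.split(",") if name == "srcset" else [value]:
                    url = cand.strip().split(" ")[0]
                    if url.lower().startswith("http://"):
                        self.findings.append((self.getpos()[0], tag, name, url))

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # url(...) references inside a <style> block
            for url in CSS_URL.findall(data):
                self.findings.append((self.getpos()[0], "style", "css", url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (not from the article)
SAMPLE = """<link rel="canonical" href="http://example.com/">
<style>body { background: url(http://example.com/bg.jpg); }</style>
<a href="http://example.org/portfolio">Old portfolio</a>
<img src="http://example.com/photos/print1.jpg" alt="print">
<img src="/p2.jpg" srcset="https://example.com/a.jpg 1x, http://example.com/b.jpg 2x">"""
```

Calling `find_mixed_content(SAMPLE)` returns one tuple per insecure resource with its line number; changing each reported URL to `https://` (or to a relative path) clears the warning.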