The Google browser Chrome warns you when you open an unencrypted website that it is not secure. This applies to pages that are opened via the http transmission protocol without an SSL security certificate and offer the possibility of collecting sensitive data.
You can recognise this by the "i" symbol in the URL bar. Since the release of Google Chrome browser version 56 in January 2017, the information "not secure" also appears if an unencrypted page requests sensitive data such as credit card details or passwords.
Google writes in its blog that this procedure may be further tightened to ensure user security.
With the release of Google Chrome 62 from October 2017, a warning will be issued not only for the possibility of entering sensitive data, but also for any data on an insecure page and also in so-called incognito mode.
It looks like Google will penalise all websites without SSL encryption in the medium term - either with aggressive warning messages or by downgrading them in the ranking. I therefore recommend not waiting any longer, but switching to the https protocol as soon as possible. Since July 2018, with the release of Google Chrome 68, all sites without an SSL certificate are now labelled as not secure.
According to Google, traffic to unencrypted websites has fallen by 23% since the warnings were introduced!
Http stands for Hypertext Transfer Protocol - this is the name for a transfer protocol for data between computers - mainly used to display websites in the web browser. According to the standard, this is done unencrypted.
This allows attackers to read the data entered by the visitor, e.g. via a shared (public) WLAN.In addition, manipulation by viruses or Trojans is also possible in principle.
This is why the newer https transmission protocol (Hypertext Transfer Protocol Secure) was introduced - which is based on an SSL certificate.
Let's Encrypt
Let's Encrypt is a free, automated and open Certificate Authority (CA) operated for the benefit of the public. It is a service provided by the Internet Security Research Group (ISRG). Most hosters offer their customers the option of setting up expensive SSL certificates from commercial certification authorities for their domains, but more and more companies are also offering the option of using free Let's Encrypt SSL certificates. The Let's Encrypt community maintains an unofficial, but certainly incomplete list of hosting providers that offer their customers the option of using the free Let's Encrypt certificates in some form. Many German providers also already offer this solution.
If in doubt, please contact me. If your hosting provider does not offer Let's Encrypt and does not plan to offer this service in the future, you may want to consider moving to a different hosting provider. I can gladly support you with this.