Your site needs an SSL certificate if only because search engines will penalise you if you don’t have one and users will see the off-putting ‘ This site is not secure’ message. A lot of other good reasons.
https://www.cloudflare.com/en-gb/learning/ssl/what-is-an-ssl-certificate/
Not all SSL certificates are created equal. Let’s Encrypt is free, great and is probably what you have installed on your website. You can pay a lot for an industrial strength certificate but most will not unless they are a large organisation, take payments on their own website (not embedded solutions) or have very sensitive data.
Check your certificate here
https://www.ssllabs.com/ssltest/analyze.html
Hopefully you get an A rating.
Having a padlock means the interaction between you on your browser and the website you are using is encrypted, a very good thing. It does not mean that the website itself is to be trusted in any way and is not the same as green bar padlock status. This explains it:
https://www.catalyst2.com/blog/good-bad-lets-encrypt/