I've been reading a lot of articles that mention the SSL certificate, and I was wondering if it's a must for every site to have it or not? I hear they are expensive. Is it true? What is their true purpose?
HTTPS isn't a requirement for search. That almost certainly won't happen in 2017.
What will happen though is that Chrome will flag pages that have a form with either a password or a credit-card field on them, on HTTP, as being "non-secure". This is planned for Chrome 56, going out end of January. If you have a login or credit-card form, make sure it's on HTTPS.
That said, the general trend towards HTTPS isn't going to go away. It'll also get easier and easier to go HTTPS, so perhaps that expensive option you were quoted will end up being just a checkmark at some point. Moving now has the advantage of knowing what's involved (and being able to help your clients when they decide to move). Setting up new sites on HTTPS from the start will probably become the norm next year, HTTPS isn't a fad that'll go away like a 90's sweatband
If your site uses a Paypal button and the payment form redirects to Paypal so all the credit cards and payment information is done through them, it doesn't sound as though you have to rush. A Paypal button isn't "...a form with either a password or a credit-card field on them." so it wouldn't register for penalties.Thanks for that information. I have a site which accepts payments through Paypal and credit cards so I guess I have to get on that right away.