Are you seriously not aware of Let's Encrypt? https://letsencrypt.org/
Nobody has really had to pay for certificates for quite a number of years.
What certificates get you, as both a website owner and user, is security against man-in-the-middle attacks, which would otherwise be quite trivial, and which would completely defeat the purpose of using encryption.
As long as Let’s Encrypt is still around.
I find it hard to believe there is no way to secure without requiring an authority in the middle.