Unless you have a good reason not to do so, the services you run on
your server should be encrypted. For the last few years, and probably
the next few, that means you need a security certificate, commonly
called an SSL cert, even though we just stopped using SSL in favor of
TLS, which is exactly the same but slightly more advanced.
(You don’t run a server? OK, the services that you access should be
encrypted. It’s the moral equivalent of sending letters in sealed
envelopes instead of postcards: you do it even when it doesn’t matter
much, because that way you don’t accidentally forget and send a hundred
dollars to your friend by taping it to a postcard. The rest of this post
is for people running servers – mostly, people who run one or two
servers as a hobby or small business. I expect the professionals to
already know all this.)
(But some don’t.)