2) use letsencrypt.org for a free SSL cert, this involves a little bit of setup on the server to renew the cert before it expires as these have a 3 month expiry.
Interesting service. It is not much of a problem for this forum, but such a service sounds like the perfect way for the NSA or other 3 letter agencies to get private SSL keys.
LetsEncrypt went through a long period of public security auditing before they offered their service, so it is one of the more secure SSL solutions. It is done properly.
There are many hosting companies that support LetsEncrypt, and they will automatically renew every 3 months - so all you have to do is request a free SSL cert in the CPanel, and you have a certificate that will automatically renew for as long as you want.
Most CPanel hosts now let you enter your own key, so I have 3 LetsEncrypt certs I generate every 3 months (single batch file to update all three), and then I manually add the new keys to tye Cpanels.
For companies, I have always just got a commercial one - RapidSSL is something like A$12 a year if you buy from the right reseller.
Digicert is used by the likes of Facebook, so it is not a bad choice for companies.