Web traffic should not travel through the internet in plaintext. When exposing our Odoo web server to be used on a network, we should use the HTTPS protocol to have the traffic encrypted.
In some cases, it might be acceptable to use a self-signed certificate. Keep in mind that using a self-signed certificate can pose some security risks, however, such as man-in-the-middle attacks, and may not be allowed by some browsers.
For a more robust solution, you should use a certificate signed by a recognized certificate authority. This is particularly important if you're running a commercial or e-commerce website.
Note
The Let's Encrypt service at https://letsencrypt.org provides free certificates. An Odoo add-on module exists to handle the automatic requesting of SSL certificates for the Odoo server, but at the time of writing, it wasn't yet ported to Odoo 12. You can learn more at https://github.com/OCA/server-tools/tree/11.0/letsencrypt.