HTTPS cannot work without a "certificate" file. That's why, when you activate HTTPS in the Admin-panel, you get something like this:

The easy way is to let HFS automatically make a basic certificate (self-signed), just by clicking the "make one" link. But this easy solution has the downside of showing an ugly warning to the final user. This is what the user will see:

You can avoid this warning by getting a better certificate, but you need a domain, while self-signed don't have such requirement. There are several companies selling certificates, but you can get one for free at https://letsencrypt.org/ . Once you get your certificate, don't forget to set it in HFS. See comment on using certbot in webroot mode.

A certificate comes with another file called "private key". Both files of the pair must be set in HFS.

It's very important to keep these files private, so never have them in your "shared files".