Certificates are used to secure web traffic and to fight forgery and data theft. When you use https:// links in a web browser, all traffic will be encrypted with TLS.
Before a secure connection is estblished, compatible encryption procedures must be negotiated between a PC and a webserver. This is done automatically by a standardized TLS handshake protocol and unless something goes really wrong you won't notice anything of this quite complicated background pcodedure. During this handshake the webserver presents his public certificate that your browser will use to encrypt all traffic. Only the webserver is able to decrypt the traffic by using using his secretly held private key.
Transport level security protects you from evesdropping by third parties and ensures that the webserver you communicate with is indeed the one you think it is and not a camouflaged croocked server. For this to work, the server's certificate must be signed by a trusted authority. This is called chain of trust. Every webbrowser is able to verify the chain of trust. If someone would temper with a certificate, the chain is broken and your webserver would immediately show a warning and block all communication with the host in question. There are also mechanisms in place that allow revocation of certificates that were issued by authorities that did not comply with strict security policies in the past.
Certificates are only valid for a certain time span, usually one year or even shorter. They need to be renewed by the webmaster before they expire. There are many other things that can go wrong with certificates and with IP Checker will tell you the most critical problems.