I don't know if the point has been made clear but here is a less technical explanation of how certs work:
Getting a cert is like having a friend set you up for a blind date. If you trust your friend then you have more faith that the person you're meeting is to your liking. It's not a perfect system but it works for most people.
Some people visiting your site don't know or trust you - it's a blind date.
These people run browsers that identify trusted certificate issuing companies.
Most people don't know who these "trusted" companies are, only that the companies are well recognized, "official", and if the browser trusts them, generally we can trust them too. The browser certs are updated once in a while with a new list of issuing companies like Verisign, Thawte, etc.
So - they trust the cert company, but why would they trust you?
To get a cert, you have to prove to the cert company that you are who you say. You fill out forms and go through a rigorous process to prove your identity and that your website is legitimate. When you have proven yourself worthy the company issues you a cert.
So now you have something to show that you've been through this extensive process to prove you are trustworthy. You've already been through the same sort of process that a visitor would want to put you through to make them happy.
The visitor trust that the cert company has done their job, so if the cert company says you're OK, then (all things being perfect) it's pretty safe to say they can trust you too.
If you have a cert and it comes from a recognized cert issuer, the user doesn't even get a warning- there's no need to warn them that you are safe. Some users don't update their PCs and may not recognize the "buck-99" cert issuer that approved your application. So they get warned that their browser doesn't recognize the cert issuer. (Why should your blind date trust that you're OK when they don't even know your friend?) The solution is either for them to get some new friends (update their browser list of cert issuers) or for you to find yourself some trustworthy friends - you may want to get a cert issuer that costs a bit more, but every browser knows them.
(BTW, this really doesn't have anything to do with browsers either. The trust database can be used by any program that needs to do authentication.)
Self-certing is like walking up to a stranger that you'd like to date, introducing yourself, and saying "hey babe, you can trust me." The visitor can choose to believe you or not. If they're already your friend they'll accept your personal certificate of trust, and their browser will allow you to visit their site in the future without further warning.
You can tell your browser about conditions where it should warn you. In the case of GoDaddy, someone had their browser set to warn if a cert is expired. An expired cert usually means someone was lazy and didn't go through the expense or paperwork again to re-prove themselves to a cert company. But sometimes it means the site is now no longer trustworthy, that perhaps the certificate expired and the site owners can't get a new one. It's like not having your friend vouch for you when you're trying to look good on a date - it doesn't look good.
Certificates can also be revoked if the cert holder has later proven themselves unworthy. You can tell your browser to warn you about certificate revocations. This is particularly important because it means your friend the cert issuer has reason to say a site is no longer trustworthy. Whether they're right or wrong you need to consider for yourself what that means and decide if you still want to trust the site even though something serious like this has occurred. Hey, maybe the site's check just bounced, who knows?
The whole thing about encryption is completely separate from this trust situation. In general if you have a need to establish a trust relationship then in almost all cases it's because you're exchanging confidential information - and that's why HTTPS/SSL is so closely related to the concept of a cert.
The sad thing is that most people get cert warnings like expirations and revocations, and they just click OK on new sites anyway - or they just turn all of the warnings off. For this reason I really believe people should be required to get a driver's license for the information superhighway - they they don't know the rules of the road I'm more inclined to charge them for getting themselves into an accident.
So anyway, that's my blurb and except where it's intentionally vague I'll stick to it.
Don't forget to wear protection when your surfing. (huh?)
HTH
