SSL (Secure Sockets Layer) is the historic encryption protocol that started the secure web. Today all of its versions are considered insecure and have in practice been replaced by the TLS protocol, yet the name has stuck: "SSL certificate" and "SSL connection" are still used as synonyms for secure HTTP.
SSL 2.0 and 3.0 contained vulnerabilities that led to them being retired completely. They were succeeded by TLS — essentially the same idea, but with stronger cryptography and the flaws fixed. When people say "the site runs over SSL", they almost always mean TLS.
A certificate is a file that confirms a domain belongs to its owner and contains a public key for encryption:
So "buying SSL" really means obtaining a certificate to work over TLS.